5 matches found
WordPress JetEngine Plugin < 3.1.3.1 is vulnerable to Remote Code Execution (RCE)
Software JetEngine Type Plugin Vulnerable versions 3.1.3.1 Fixed in 3.1.3.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2023-1406 Patch priority High CVSS severity High 9.1 Developer Crocoblock PSID a91fe4278b33 Credits R3zk0n Required privilege Author Published 11...
CVE-2023-1406
creationtimestamp| type| source ---|---|--- 2023-04-10 18:36:03+00:00| seen| https://t.me/cibsecurity/61761...
CVE-2023-1406 JetEngine < 3.1.3.1 - Author+ Remote Code Execution
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...
CVE-2023-1406 JetEngine < 3.1.3.1 - Author+ Remote Code Execution
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability...
CVE-2023-1406
CVE-2023-1406 affects the JetEngine WordPress plugin prior to 3.1.3.1. The vulnerability arises from uploading files without sufficient checks to prevent executable content, enabling remote code execution. A fix is available: upgrade to JetEngine 3.1.3.1 or later. If upgrading is not possible, ap...