5 matches found
CVE-2023-2996
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...
CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...
CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization...
CVE-2023-2996
Jetpack WordPress plugin (versions prior to 12.1.1) is affected by a vulnerability where uploaded files are not validated. This allows users with author roles or higher to manipulate existing files, delete arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. ...
WordPress JetPack Plugin Arbitrary File Manipulation Vulnerability (CVE-2023-2996)
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:automattic:jetpack"; if description...