4 matches found
CVE-2023-7201
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2023-7201 Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to for example in multisite setup...
CVE-2023-7201
CVE-2023-7201 affects the Everest Backup WordPress plugin (versions prior to 2.2.5). The flaw allows high-privilege users (e.g., admin) to upload arbitrary files due to improper validation, including in multisite setups. Red Hat and CVE sources corroborate the same description. Remediation: upgra...
WordPress Everest Backup Plugin < 2.2.5 is vulnerable to Arbitrary File Upload
Software Everest Backup Type Plugin Vulnerable versions 2.2.5 Fixed in 2.2.5 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-7201 Patch priority Low CVSS severity Low 9.1 Developer Claim ownership PSID e4434e41add7 Credits Emad Required privilege Administrator Publish...