CVE-2020-36706

The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Configurations

Configuration 1 (hide)

cpe:2.3:a:simple-press:simple\:press:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 05:30

Type Values Removed Values Added
References () https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/ - Exploit, Third Party Advisory () https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/ - Exploit, Third Party Advisory
References () https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843 - Third Party Advisory () https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843 - Third Party Advisory
References () https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/ - Third Party Advisory () https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/ - Third Party Advisory
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve - Third Party Advisory () https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve - Third Party Advisory

26 Oct 2023, 17:32

Type Values Removed Values Added
CWE CWE-434
References (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve - (MISC) https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve - Third Party Advisory
References (MISC) https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/ - (MISC) https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities/ - Exploit, Third Party Advisory
References (MISC) https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/ - (MISC) https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0/ - Third Party Advisory
References (MISC) https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843 - (MISC) https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843 - Third Party Advisory
First Time Simple-press
Simple-press simple\
CPE cpe:2.3:a:simple-press:simple\:press:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

20 Oct 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-20 07:15

Updated : 2024-11-21 05:30


NVD link : CVE-2020-36706

Mitre link : CVE-2020-36706

CVE.ORG link : CVE-2020-36706


JSON object : View

Products Affected

simple-press

  • simple\
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type