CVE-2023-23656

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve
https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

Configurations

No configuration.

History

21 Nov 2024, 07:46

Type	Values Removed	Values Added
References	~~() https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve -

27 Mar 2024, 12:29

Type	Values Removed	Values Added
Summary		(es) Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en MainWP MainWP File Uploader Extension. Este problema afecta a MainWP File Uploader Extension: desde n/a hasta 4.1.

26 Mar 2024, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-26 20:15

Updated : 2024-11-21 07:46

NVD link : CVE-2023-23656

Mitre link : CVE-2023-23656

CVE.ORG link : CVE-2023-23656

JSON object : View

Products Affected

No product.

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

10.0 /10