The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-02T07:04:48.615Z
Updated: 2023-05-02T07:04:48.615Z
Reserved: 2023-02-20T16:55:29.738Z
Link: CVE-2023-0924
JSON object: View
NVD Information
Status : Modified
Published: 2023-05-02T08:15:09.620
Modified: 2023-11-07T04:01:56.437
Link: CVE-2023-0924
JSON object: View
Redhat Information
No data.
CWE
No CWE.