CVE-2023-45603 - OpenCVE

Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Plugin-planet	User Submitted Posts

Configuration 1 [-]

cpe:2.3:a:plugin-planet:user_submitted_posts:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-20T18:38:19.544Z

Updated: 2023-12-20T18:38:19.544Z

Reserved: 2023-10-09T10:11:54.306Z

Link: CVE-2023-45603

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-20T19:15:10.117

Modified: 2023-12-27T19:47:42.173

Link: CVE-2023-45603

JSON object: View

Redhat Information

No data.

CWE

CWE-434

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-45603", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-10-09T10:11:54.306Z", "datePublished": "2023-12-20T18:38:19.544Z", "dateUpdated": "2023-12-20T18:38:19.544Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "user-submitted-posts", "product": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End", "vendor": "Jeff Starr", "versions": [{"changes": [{"at": "20230914", "status": "unaffected"}], "lessThanOrEqual": "20230902", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Rafie Muhammad (Patchstack)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.<p>This issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902.</p>"}], "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-20T18:38:19.544Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 20230914 or a higher version."}], "value": "Update to\u00a020230914 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plugin-planet:user_submitted_posts:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30351C20-5F3A-4481-BA28-45546B8E8F52", "versionEndIncluding": "20230902", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902.\n\n"}, {"lang": "es", "value": "Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End. Este problema afecta a User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End desde n/a hasta 20230902."}], "id": "CVE-2023-45603", "lastModified": "2023-12-27T19:47:42.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2023-12-20T19:15:10.117", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "audit@patchstack.com", "type": "Primary"}]}