CVE-2023-0255

Published Feb 13, 2023

Last updated a year ago

Overview

Description: The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
Source: contact@wpscan.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-434

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:shortpixel:enable_media_replace:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF54F621-EBCF-427B-BE0C-EF3462D3A5F9",
            "versionEndExcluding": "4.0.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References