CVE-2023-2688
Last modified
CVE-2023-2688 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.. EPSS estimates a 1.74% chance of exploitation in the next 30 days.
Description
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfu_newpath. This allows administrator-level attackers to move files uploaded with the plugin (located in wp-content/uploads by default) outside of the web root.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Iptanus | Wordpress File Upload | <= 4.19.1 |
| Iptanus | Wordpress File Upload Pro | <= 4.19.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-2688?
How severe is CVE-2023-2688?
How do I fix CVE-2023-2688?
Are you affected by CVE-2023-2688?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST