CVE-2023-48275 – WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability

https://notcve.org/view.php?id=CVE-2023-48275

Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews.This issue affects Widgets for Google Reviews: from n/a through 11.0.2. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en los widgets Trustindex.Io para reseñas de Google. Este problema afecta a los widgets para reseñas de Google: desde n/a hasta 11.0.2. Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation in the ~/tabs/feature_request.php file in various versions. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •