2 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-23656 – WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability

https://notcve.org/view.php?id=CVE-2023-23656

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en MainWP MainWP File Uploader Extension. Este problema afecta a MainWP File Uploader Extension: desde n/a hasta 4.1. The MainWP File Uploader Extension for WordPress is vulnerable to arbitrary file uploads in versions up to, and including, 4.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/mainwp-file-uploader-extension/wordpress-mainwp-file-uploader-extension-plugin-4-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-23653 – MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion

https://notcve.org/view.php?id=CVE-2023-23653

The MainWP File Uploader Extension for WordPress is vulnerable to arbitrary file download. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary files from the affected site. • CWE-862: Missing Authorization •