CVE-2020-36706
Simple:Press – WordPress Forum Plugin <= 6.6.0 - Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
The Simple:Press – WordPress Forum Plugin para WordPress es vulnerable a cargas de archivos arbitrarias debido a la falta de validación del tipo de archivo en el archivo ~/admin/resources/jscript/ajaxupload/sf-uploader.php en versiones hasta la 6.6.0 incluida. Esto hace posible que los atacantes carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecución remota de código.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2020-09-25 CVE Published
- 2023-06-06 CVE Reserved
- 2024-09-12 CVE Updated
- 2024-09-12 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://wpscan.com/vulnerability/27d4a8a5-9d81-4b42-92be-3f7d1ef22843 | Third Party Advisory | |
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-simple-press-wordpress-forum-arbitrary-file-upload-6-6-0 | Third Party Advisory | |
https://www.wordfence.com/threat-intel/vulnerabilities/id/53eba5b4-7cc0-48e1-bb9c-6ed3207151ab?source=cve | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://blog.nintechnet.com/wordpress-simplepress-plugin-fixed-critical-vulnerabilities | 2024-09-12 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Simple-press Search vendor "Simple-press" | Simple:press Search vendor "Simple-press" for product "Simple:press" | < 6.6.1 Search vendor "Simple-press" for product "Simple:press" and version " < 6.6.1" | wordpress |
Affected
|