WordPress Plugin Vulnerabilities

Snow Monkey Forms < 5.0.7 - Unauthenticated Path Traversal

Description

The plugin does not validate file path, allowing unauthenticated users to upload files to arbitrary folders

Affects Plugins

Plugin icon
snow-monkey-forms
Fixed in 5.0.7

References

CVE
CVE-2023-28413
URL
https://jvn.jp/en/jp/JVN01093915/

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Monkey Wrench Inc.
Verified
No
WPVDB ID
19981b34-5343-454b-a45b-8262f3da8718

Timeline

Publicly Published
2023-05-15 (about 2 years ago)
Added
2023-05-16 (about 2 years ago)
Last Updated
2023-05-16 (about 2 years ago)

Other

Published
Title
Published
2022-10-31
Title
Booster for WooCommerce - ShopManager+ Arbitrary File Download
Published
2016-03-29
Title
Ebook Download < 1.2 - Directory Traversal
Published
2020-08-11
Title
Add From Server <= 3.3.3 - Authenticated Path Traversal to Arbitrary File Access
Published
2021-09-02
Title
Simple Download Monitor < 3.9.5 - Contributor+ Arbitrary File Download via Path Traversal
Published
2023-02-28
Title
GMace <= 1.5.2 - Admin+ Path Traversal