WordPress Plugin Vulnerabilities

Olive One Click Demo Import <= 1.1.2 - Admin+ Arbitrary File Upload

Description

The plugin is vulnerable to arbitrary file uploads due to missing file type validation in the olive_one_click_demo_import_save_file function. This makes it possible for authenticated attackers, with administrator-level privileges and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
olive-one-click-demo-import
No known fix

References

CVE
CVE-2023-29102
URL
https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-0-9-arbitrary-file-upload-vulnerability

Miscellaneous

Original Researcher
deokhunKim
Verified
No
WPVDB ID
3e749c3e-0ad7-436b-a552-b01bb51f4e1f

Timeline

Publicly Published
2023-08-28 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-04-05 (about 1 year ago)

Other

Published
Title
Published
2025-12-12
Title
WP3D Model Import Viewer <= 1.0.7 - Authenticated (Contributor+) Arbitrary File Upload
Published
2022-11-21
Title
User Registration < 2.2.4.1 - Subscriber+ Arbitrary File Upload
Published
2017-04-20
Title
WooCommerce Catalog Enquiry - Arbitrary File Upload
Published
2024-10-14
Title
WordPress Gallery Plugin – Limb Image Gallery <= 1.5.7 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2016-06-07
Title
Wordpress Levo-Slideshow - Arbitrary File Upload