Asgaros Forum < 2.7.1 – Unauthenticated Arbitrary File Upload | CVE 2023-5604 | Plugin Vulnerabilities

Description

The plugin allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.

Proof of Concept

Any user who has the rights to modify the settings area of the Asgaros plugin (/wp-admin/admin.php?page=asgarosforum-options), like forum administrators, can authorize users to upload malicious files (e.g. .php, .phtml files) on the site.

Affects Plugins

Fixed in 2.7.1

References

CVE

Miscellaneous

Original Researcher

Rafael Aristodimou

Submitter

Rafael Aristodimou

Verified

Yes

WPVDB ID

4ce69d71-87bf-4d95-90f2-63d558c78b69

Timeline

Publicly Published

2023-11-06 (about 2 years ago)

Added

2023-11-06 (about 2 years ago)

Last Updated

2023-11-06 (about 2 years ago)

Other

Published

Title

Published

2023-11-22

Title

Multiple Plugins by Trustindex.io <= (Various Versions)- Authenticated (Editor+) Arbitrary File Upload

Published

2014-08-01

Title

Font Uploader 1.2.4 - Arbitrary File Upload

Published

2014-08-01

Title

WPtouch 3.x - Insecure Nonce Generation

Published

2024-06-28

Title

Newspack Blocks < 3.0.9 - Authenticated (Contributor+) Arbitrary File Upload

Published

2024-05-28

Title

WP STAGING WordPress Backup Plugin – Migration Backup Restore < 3.5.0 - Admin+ Arbitrary File Upload