WordPress Plugin Vulnerabilities

CataBlog <= 1.7.0 - Authenticated (Editor+) Arbitrary File Upload

Description

The CataBlog plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with editor access and above to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
catablog
No known fix

References

CVE
CVE-2023-47842
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/18d1ba80-ddf6-4076-bc78-78647b964bcf

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
819706b3-0c42-4e8c-a581-62ccafa36252

Timeline

Publicly Published
2023-11-20 (about 2 years ago)
Added
2023-11-29 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2023-12-27
Title
WP MLM <= 4.0 - Unauthenticated Arbitrary File Upload
Published
2025-11-25
Title
AI Feeds < 1.0.12 - Unauthenticated Arbitrary File Upload
Published
2025-01-03
Title
Fancy Product Designer < 6.4.4 - Unauthenticated Arbitrary File Upload
Published
2024-10-28
Title
WP donimedia carousel <= 1.0.1 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2026-04-08
Title
WP-BusinessDirectory – Business directory plugin for WordPress < 4.0.1 - Authenticated (Subscriber+) Arbitrary File Upload