WordPress Plugin Vulnerabilities

EditorsKit < 1.40.4 - Authenticated (Administrator+) Arbitrary File Upload

Description

The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
block-options
Fixed in 1.40.4

References

CVE
CVE-2023-6635
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4528f9a1-7027-4aa9-b006-bea84aa19c84

Miscellaneous

Original Researcher
István Márton
Verified
No
WPVDB ID
dc25d0de-e2d8-4ce7-8244-c7661927a7e7

Timeline

Publicly Published
2023-12-16 (about 2 years ago)
Added
2024-01-18 (about 2 years ago)
Last Updated
2024-01-18 (about 2 years ago)

Other

Published
Title
Published
2022-01-12
Title
WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload
Published
2014-08-01
Title
WPtouch 3.x - Insecure Nonce Generation
Published
2024-07-08
Title
Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload
Published
2023-05-31
Title
File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode
Published
2016-06-22
Title
Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Upload and Download