Vrm 360 3D Model Viewer <= 1.2.1 - Contributor+ Arbitrary File Upload Leading to RCE
CVE-2023-4311

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Vrm 360 3D Model Viewer
Vendor: CVE Published:; 18 December 2023

What is CVE-2023-4311?

The Vrm 360 3D Model Viewer plugin for WordPress, up to version 1.2.1, has a security flaw that allows attackers to upload arbitrary files via insufficient validation in a shortcode. This vulnerability can potentially lead to unauthorized access and compromise of the WordPress site, making it essential for users to update their plugins to mitigate any associated risks.

Affected Version(s)

Vrm 360 3D Model Viewer 0 <= 1.2.1

References

https://wpscan.com/vulnerability/21950116-1a69-4848-9da0-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2023
Vulnerability Reserved
Aug 11, 2023

Credit

Jonatas Souza Villa Flor

WPScan

Wordpress

What is CVE-2023-4311?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit