WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
CVE-2023-45603

9CRITICAL

Key Information:

Vendor: WordPress
Status: User Submitted Posts – Enable Users to Submit Posts from the Front End
Vendor: CVE Published:; 20 December 2023

Summary

The User Submitted Posts plugin by Jeff Starr is susceptible to an unrestricted file upload vulnerability, allowing unauthorized users to upload files of any type. This flaw can lead to the execution of malicious scripts, compromising the security of the website and its hosting environment. It is crucial for site administrators to update to the latest version to mitigate the risk posed by this vulnerability.

Affected Version(s)

User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230902

References

https://patchstack.com/database/vulnerability/user-submit...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Oct 9, 2023

Credit

Rafie Muhammad (Patchstack)