WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to Arbitrary File Upload
CVE-2023-46149

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Themify Ultra
Vendor: CVE Published:; 20 December 2023

What is CVE-2023-46149?

The Themify Ultra theme is susceptible to unauthorized file uploads, allowing users to upload files with unsafe extensions. This could lead to potential remote code execution, compromising the integrity of websites using versions from n/a up to 7.3.5. Website administrators must act swiftly to mitigate this risk and secure their installations.

Affected Version(s)

Themify Ultra <= 7.3.5

References

https://patchstack.com/database/vulnerability/themify-ult...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2023
Vulnerability Reserved
Oct 17, 2023

Credit

Rafie Muhammad (Patchstack)