Unrestricted Upload of File with Dangerous Type Vulnerability Affects WP Child Theme Generator
CVE-2023-47873

7.2HIGH

Key Information:

Vendor: WordPress
Status: WP Child Theme Generator
Vendor: CVE Published:; 26 March 2024

Summary

The WP Child Theme Generator by WEN Solutions is susceptible to an unrestricted upload of files with dangerous types, enabling potential attackers to upload malicious files to the server. This vulnerability impacts all versions from n/a to 1.0.9, posing a significant risk to WordPress sites using this plugin. Maintaining security best practices and regularly updating plugins can help mitigate this vulnerability.

Affected Version(s)

WP Child Theme Generator <= 1.0.9

References

https://patchstack.com/database/vulnerability/wp-child-th...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Nov 13, 2023

Credit

Dateoljo of BoB 12th (Patchstack Alliance)