Unrestricted Upload of Dangerous File Vulnerability Affects Trustindex.io Widgets for Google Reviews
CVE-2023-48275

8HIGH

Key Information:

Vendor: WordPress
Status: Widgets For Google Reviews
Vendor: CVE Published:; 26 March 2024

Summary

A vulnerability has been identified in Trustindex Io Widgets for Google Reviews, allowing unauthorized file uploads. This issue permits attackers to upload files of dangerous types, potentially leading to further exploitation of the affected system. The vulnerability impacts all versions from n/a through 11.0.2, necessitating immediate action for organizations using this product to mitigate associated risks.

Affected Version(s)

Widgets for Google Reviews <= 11.0.2

References

https://patchstack.com/database/vulnerability/wp-reviews-...

vdb-entry

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Nov 13, 2023

Credit

Rafie Muhammad (Patchstack)