The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-05-02T07:04:48.615Z
Updated: 2024-08-02T05:24:34.720Z
Reserved: 2023-02-20T16:55:29.738Z
Link: CVE-2023-0924
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-02T08:15:09.620
Modified: 2024-11-21T07:38:06.507
Link: CVE-2023-0924
Redhat
No data.