The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
History

Tue, 06 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Unitecms
Unitecms blox Page Builder
CPEs cpe:2.3:a:unitecms:blox_page_builder:*:*:*:*:*:*:*:*
Vendors & Products Unitecms
Unitecms blox Page Builder
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-06T01:49:57.531Z

Updated: 2024-08-06T19:42:11.065Z

Reserved: 2024-06-25T12:48:59.232Z

Link: CVE-2024-6315

cve-icon Vulnrichment

Updated: 2024-08-06T19:42:04.509Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-06T02:15:35.277

Modified: 2024-08-06T16:30:24.547

Link: CVE-2024-6315

cve-icon Redhat

No data.