The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
Tue, 06 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Unitecms
Unitecms blox Page Builder |
|
CPEs | cpe:2.3:a:unitecms:blox_page_builder:*:*:*:*:*:*:*:* | |
Vendors & Products |
Unitecms
Unitecms blox Page Builder |
|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-06T01:49:57.531Z
Updated: 2024-08-06T19:42:11.065Z
Reserved: 2024-06-25T12:48:59.232Z
Link: CVE-2024-6315
Vulnrichment
Updated: 2024-08-06T19:42:04.509Z
NVD
Status : Awaiting Analysis
Published: 2024-08-06T02:15:35.277
Modified: 2024-08-06T16:30:24.547
Link: CVE-2024-6315
Redhat
No data.