CVE Vulnerabilities

CVE-2023-4019

Published: Sep 04, 2023 | Modified: Nov 07, 2023

CVSS 3.x

8.8

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-4019
CWE	https://cwe.mitre.org/data/definitions/.html

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

Affected Software

Name	Vendor	Start Version	End Version
Media_from_ftp	Riverforest-wp	*	11.17 (excluding)

References

https://wpscan.com/vulnerability/0d323b07-c6e7-4aba-85bc-64659ad0c85d

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.