The EditorsKit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'import_styles' function in versions up to, and including, 1.40.3. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-02-05T21:21:42.520Z
Updated: 2024-08-02T08:35:14.917Z
Reserved: 2023-12-08T19:39:29.662Z
Link: CVE-2023-6635
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-02-05T22:15:56.023
Modified: 2024-02-12T20:50:07.757
Link: CVE-2023-6635
Redhat
No data.