The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:32:41.439Z
Updated: 2024-08-02T08:35:14.835Z
Reserved: 2023-12-08T19:39:49.083Z
Link: CVE-2023-6636
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2024-01-11T09:15:50.593
Modified: 2024-01-17T21:20:04.423
Link: CVE-2023-6636
Redhat
No data.