The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-12-15T07:30:41.463Z
Updated: 2024-08-02T08:42:07.810Z
Reserved: 2023-12-14T19:00:44.190Z
Link: CVE-2023-6826
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-12-15T08:15:46.120
Modified: 2023-12-21T04:49:03.117
Link: CVE-2023-6826
Redhat
No data.