Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload

Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the '*_recommended_upgrade_plugin' function which allows arbitrary plugin URLs to be installed. This makes it possible for authenticated attackers with subscriber-level access and above to upload arbitrary plugin packages to the affected site's server via a crafted plugin URL, which may make remote code execution possible.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

授权机制缺失

WordPress plugin多款产品 安全漏洞

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin多款产品存在安全漏洞，该漏洞源于缺少能力检查，可能导致任意插件上传和远程代码执行。以下产品受到影响：content-locker-for-elementor、image-comparison-elementor-add

N/A

N/A