CVE-2023-0039

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://plugins.trac.wordpress.org/browser/wp-upg/trunk/wp-upg.php#L723", "name": "https://plugins.trac.wordpress.org/browser/wp-upg/trunk/wp-upg.php#L723", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c0d7743-14f5-4fdd-a67b-b1f95dbe0f46", "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7c0d7743-14f5-4fdd-a67b-b1f95dbe0f46", "tags": ["Broken Link", "Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The User Post Gallery - UPG plugin for WordPress is vulnerable to authorization bypass which leads to remote command execution due to the use of a nopriv AJAX action and user supplied function calls and parameters in versions up to, and including 2.19. This makes it possible for unauthenticated attackers to call arbitrary PHP functions and perform actions like adding new files that can be webshells and updating the site's options to allow anyone to register as an administrator."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-0039", "ASSIGNER": "security@wordfence.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-01-03T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:odude:user_post_gallery:*:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.19"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-01-10T13:50Z"}