CVE-2023-34007

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 20, 2023

Updated: Dec 28, 2023

CWE ID 434

Summary

CVE-2023-34007 refers to an Unrestricted File Upload vulnerability discovered in WPChill's Download Monitor plugin. Malicious actors can exploit this issue, present in versions from n/a to 4.8.3, to upload dangerous file types, potentially leading to arbitrary code execution or serious data breaches. This vulnerability poses a significant risk to WordPress sites utilizing the Download Monitor plugin. It is crucial for users to update to the latest plugin version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Wpchill Download Monitor

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rrDrvj
https://www.cve.org/CVERecord?id=CVE-2023-34007
https://nvd.nist.gov/vuln/detail/CVE-2023-34007

Back to Vulnerability Database

CVE-2023-34007

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations