CVE-2023-51475

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 29, 2023

Updated: Jan 8, 2024

CWE ID 434

Summary

CVE-2023-51475 is a critical vulnerability affecting the WP MLM SOFTWARE PLUGIN from unknown versions through 4.0. This issue involves an Unrestricted File Upload, which allows an attacker to upload any file type, including dangerous ones, without restriction. Successful exploitation of this vulnerability could lead to arbitrary code execution or website defacement, posing a significant risk to affected WordPress sites using the WP MLM SOFTWARE PLUGIN. It is highly recommended that users update to the latest plugin version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/t3ucM6
https://www.cve.org/CVERecord?id=CVE-2023-51475
https://nvd.nist.gov/vuln/detail/CVE-2023-51475

Back to Vulnerability Database

CVE-2023-51475

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations