CVE-2023-3720
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 30, 2023
Updated: Nov 7, 2023
CWE ID 470
Summary
CVE-2023-3720 is a vulnerability affecting the Upload Media By URL plugin for WordPress. Prior to version 1.0.8, the plugin lacked Cross-Site Request Forgery (CSRF) protection on file uploads. As a result, an attacker can trick a logged-in administrator into uploading files, including files containing malicious JavaScript code, acting as a user with the unfiltered_html capability. This flaw poses a significant risk to websites using the Upload Media By URL plugin, and affected sites need to update to the latest version to mitigate the threat.