Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for User Submitted Posts – Enable Users to Submit Posts from the Front End by Jeff Starr

    CVE-2023-45603 (GCVE-0-2023-45603)

    Vulnerability from nvd – Published: 2023-12-20 18:38 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
    Summary
    Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Credits
    Rafie Muhammad (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:16.836Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "user-submitted-posts",
              "product": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End",
              "vendor": "Jeff Starr",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "20230914",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "20230902",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafie Muhammad (Patchstack)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.\u003cp\u003eThis issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902.\u003c/p\u003e"
                }
              ],
              "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:43.293Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a020230914 or a higher version."
                }
              ],
              "value": "Update to\u00a020230914 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress User Submitted Posts Plugin \u003c= 20230902 is vulnerable to Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-45603",
        "datePublished": "2023-12-20T18:38:19.544Z",
        "dateReserved": "2023-10-09T10:11:54.306Z",
        "dateUpdated": "2026-04-28T16:08:43.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-45603 (GCVE-0-2023-45603)

    Vulnerability from cvelistv5 – Published: 2023-12-20 18:38 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress User Submitted Posts Plugin <= 20230902 is vulnerable to Arbitrary File Upload
    Summary
    Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts – Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts – Enable Users to Submit Posts from the Front End: from n/a through 20230902.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Credits
    Rafie Muhammad (Patchstack)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:21:16.836Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "user-submitted-posts",
              "product": "User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End",
              "vendor": "Jeff Starr",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "20230914",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "20230902",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Rafie Muhammad (Patchstack)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.\u003cp\u003eThis issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902.\u003c/p\u003e"
                }
              ],
              "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Jeff Starr User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End.This issue affects User Submitted Posts \u2013 Enable Users to Submit Posts from the Front End: from n/a through 20230902."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:43.293Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/user-submitted-posts/wordpress-user-submitted-posts-plugin-20230902-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a020230914 or a higher version."
                }
              ],
              "value": "Update to\u00a020230914 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress User Submitted Posts Plugin \u003c= 20230902 is vulnerable to Arbitrary File Upload",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-45603",
        "datePublished": "2023-12-20T18:38:19.544Z",
        "dateReserved": "2023-10-09T10:11:54.306Z",
        "dateUpdated": "2026-04-28T16:08:43.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }