CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
fileorganizerfileorganizer
𝑥
≤ 1.0.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
fileorganizerfileorganizer
𝑥
≤ 1.0.2
ADP
References
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f