CVE-2023-3664

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WPScanCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
fileorganizerfileorganizer
𝑥
≤ 1.0.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f