CVE-2023-3664

EUVD-2023-44308
The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
fileorganizerfileorganizer
𝑥
≤ 1.0.2
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f
https://wpscan.com/vulnerability/d59e6eac-3ebf-40e0-800c-8cbef345423f