CVE-2023-4819

EUVD-2023-54662
The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
tammersoftshared_files
𝑥
< 1.7.6
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/4423b023-cf4a-46cb-b314-7a09ac08b29a
https://wpscan.com/vulnerability/4423b023-cf4a-46cb-b314-7a09ac08b29a