What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR (wpvr) allows uploading a web shell to a web server. This issue affects WP VR: from n/a through <= 8.5.26.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
WP VR versions 8.5.26 and earlier allow authenticated users to upload files without proper validation. An attacker with low-level site access can upload malicious files, potentially gaining control of the entire site. The vulnerability affects the confidentiality, integrity, and availability of the WordPress installation.
What an attacker can do
Upload malicious files and execute code on the site with full control.
Potential impact on your site
Compromised site with potential data theft, malware injection, and complete loss of availability.
Conditions required to exploit
Attacker needs a low-privilege account (subscriber or contributor level) on the WordPress site.