What the vulnerability does
Description
Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP pin-wp allows Upload a Web Shell to a Web Server. This issue affects Pin WP: from n/a through < 7.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Pin WP versions 7.2 and earlier contain an unrestricted file upload vulnerability. An attacker with low-level site access can upload malicious files without proper validation, potentially gaining full control of the site. The vulnerability affects confidentiality, integrity, and availability across the entire system.
What an attacker can do
Upload malicious files and run their own code on the site.
Potential impact on your site
Complete site compromise: data theft, defacement, malware injection, or total takeover.
Conditions required to exploit
Attacker needs a low-privilege account (e.g., contributor or subscriber role).
Key dates
External resources