What the vulnerability does
01Description
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions.
Explanation of Vulnerability in Simple Terms
WpStream versions before 4.11.2 do not properly validate uploaded files, allowing authenticated users to upload files that may not be intended for the application. An attacker with low-level access can upload malicious files to degrade site integrity or availability. Update to version 4.11.2 or later to restrict file uploads to safe types.
What an attacker can do
Upload files that compromise site integrity or cause the site to malfunction.
Potential impact on your site
Malicious files uploaded by compromised or rogue user accounts could damage site data or cause service disruption.
Conditions required to exploit
Attacker must have a low-privilege user account on the site.
Key dates
External resources
Related vulnerabilities