What the vulnerability does
01Description
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
What the vulnerability does
Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions.
Explanation of Vulnerability in Simple Terms
WP-BusinessDirectory versions up to 4.0.0 allow authenticated users to upload files without proper validation. An attacker with a low-privilege account can upload malicious files, potentially gaining control over the site. The vulnerability affects confidentiality, integrity, and availability. Update to version 4.0.2 or later.
What an attacker can do
Upload malicious files and run code on the site with a low-privilege account.
Potential impact on your site
A low-privilege user can upload files to compromise your site's security and data.
Conditions required to exploit
Attacker must have a low-privilege user account on the WordPress site.
Key dates
External resources
Related vulnerabilities