CVE-2023-29386 : Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Ma

Unrestricted Upload of File with Dangerous Type vulnerability in Julien Crego Manager for Icomoon.This issue affects Manager for Icomoon: from n/a through 2.0.

Published 2024-03-26 20:27:08

Updated 2024-03-27 12:29:30

Source Patchstack

View at NVD, CVE.org

Products affected by CVE-2023-29386

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2023-29386

EPSS FAQ

0.29%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-29386

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	2.3	6.0	Patchstack	2024-03-26
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-29386

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: audit@patchstack.com (Primary)

References for CVE-2023-29386

https://patchstack.com/database/vulnerability/manager-for-icomoon/wordpress-manager-for-icommon-plugin-2-0-arbitrary-file-upload-vulnerability?_s_id=cve

WordPress Manager for Icomoon plugin <= 2.0 - Arbitrary File Upload vulnerability - Patchstack

Jump to

Vulnerability Details : CVE-2023-29386

Products affected by CVE-2023-29386

Exploit prediction scoring system (EPSS) score for CVE-2023-29386

CVSS scores for CVE-2023-29386

CWE ids for CVE-2023-29386

References for CVE-2023-29386