Vulnerability Details : CVE-2023-6187
The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file upload due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber-level privileges or above to upload arbitrary files to the affected site's server, which may make remote code execution possible. The issue is exploitable only when 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field has been added whose settings make it visible on the profile page but not at checkout.
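The weakness class here is a file-type check that can be satisfied by attacker-controlled input. The following is an added illustration, not code from Paid Memberships Pro or from the 2.12.4 patch: a minimal WordPress custom-field upload handler in its weak form (trusting the client-supplied MIME type and filename) beside a hardened form that uses WordPress's own allowlist and content sniffing. All `example_` function names and the error codes are hypothetical.

```php
<?php
// Added example (not Paid Memberships Pro code). Assumes it runs inside
// WordPress so wp_get_mime_types(), wp_check_filetype_and_ext(),
// wp_handle_upload() and WP_Error are available.

// WEAK: the extension comes from $file['name'] and the MIME type from the
// multipart Content-Type header; both are chosen by the client. A subscriber
// can upload shell.php (or .phtml, .php5 ...) by spoofing Content-Type.
function example_weak_upload( array $file, string $upload_dir ) {
    $name = basename( $file['name'] );
    if ( 'image/png' === $file['type'] ) {              // attacker-controlled
        $dest = $upload_dir . '/' . $name;
        move_uploaded_file( $file['tmp_name'], $dest ); // stores shell.php as-is
        return $dest;
    }
    return false;
}

// HARDENED: explicit extension allowlist, mapped to MIME types from
// WordPress's own table, then verified against the file *content* by
// wp_check_filetype_and_ext() (finfo / getimagesize), and finally stored
// via wp_handle_upload() with a sanitized unique filename.
function example_hardened_upload( array $file, array $allowed_exts = array( 'png', 'jpg', 'jpeg', 'pdf' ) ) {
    $mimes = array();
    foreach ( wp_get_mime_types() as $ext_pattern => $mime ) {   // keys like 'jpg|jpeg|jpe'
        foreach ( explode( '|', $ext_pattern ) as $ext ) {
            if ( in_array( $ext, $allowed_exts, true ) ) {
                $mimes[ $ext ] = $mime;
            }
        }
    }

    // ext/type are false when the extension is not in $mimes or the
    // sniffed content does not match an allowed type.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'example_bad_type', 'File type not allowed.' );
    }

    // 'mimes' restricts wp_handle_upload() to the same allowlist; 'test_form'
    // is disabled because this is not the core media form.
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $mimes ) );
    if ( isset( $result['error'] ) ) {
        return new WP_Error( 'example_upload_failed', $result['error'] );
    }
    return $result['file']; // absolute path of the stored, renamed file
}
```

The check only helps if every code path that processes the field runs it; the trigger condition in this CVE (a profile-only field combined with a gateway round-trip) is a reminder that upload handling reached through an unusual path must apply the same validation as the main form. On a site that cannot update immediately, confirm the installed version with `wp plugin get paid-memberships-pro --field=version` and move off 2Checkout/PayPal Express or remove profile-only custom fields until 2.12.4 or later is installed.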
Vulnerability category: Execute code
Products affected by CVE-2023-6187
- cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6187
- EPSS score: 0.43% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~75% (the proportion of all scored vulnerabilities with an EPSS score at or below this one)
CVSS scores for CVE-2023-6187
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.6 | 5.9 | Wordfence | |

The two vectors differ only in Attack Complexity: Wordfence rates it High (AC:H) because exploitation requires the 2Checkout or PayPal Express gateway plus a profile-only custom field to be configured, while NIST rates it Low (AC:L).
CWE ids for CVE-2023-6187
- CWE-434: Unrestricted Upload of File with Dangerous Type. The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-6187
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5979f2eb-2ca8-4b06-814c-c4236bb81af0?source=cve
  Wordfence: Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload [Patch; Third Party Advisory]
- https://www.paidmembershipspro.com/pmpro-update-2-12-4/
  PMPro Security Update 2.12.4 [Product]
- https://plugins.trac.wordpress.org/browser/paid-memberships-pro/tags/2.12.3/includes/fields.php#L564
  Affected code: paid-memberships-pro 2.12.3, includes/fields.php, line 564 [Product]
- https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/functions.php
  Changeset 2997319 for paid-memberships-pro/tags/2.12.4/includes/functions.php [Patch]
- https://plugins.trac.wordpress.org/changeset/2997319/paid-memberships-pro/tags/2.12.4/includes/fields.php
  Changeset 2997319 for paid-memberships-pro/tags/2.12.4/includes/fields.php [Patch]