CVE-2023-6979 : The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbit

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Published 2024-01-11 09:15:54

Updated 2024-01-18 17:04:45

Source Wordfence

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2023-6979

Cusrev » Customer Reviews For Woocommerce » For Wordpress
Versions up to, including, (<=) 5.38.9
cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-6979

EPSS FAQ

7.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6979

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2024-01-18
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	Wordfence	2024-01-11
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-6979

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-6979

https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php#L35

429 Too Many Requests
Issue Tracking
https://drive.proton.me/urls/K4R2HDQBS0#iuTPm3NqZEdz

Proton Drive
Broken Link
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3016708%40customer-reviews-woocommerce&new=3016708%40customer-reviews-woocommerce&sfp_email=&sfph_mail=

429 Too Many Requests
Patch
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3018507%40customer-reviews-woocommerce&new=3018507%40customer-reviews-woocommerce&sfp_email=&sfph_mail=

429 Too Many Requests
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve

Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload
Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-6979

Products affected by CVE-2023-6979

Exploit prediction scoring system (EPSS) score for CVE-2023-6979

CVSS scores for CVE-2023-6979

CWE ids for CVE-2023-6979

References for CVE-2023-6979