Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Improper Input Validation Vulnerability (CVE-2018-1000773)

Description

WordPress version 4.9.8 and earlier contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time.

Remediation

References

CVE-2018-1000773

Related Vulnerabilities

AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)

Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-41164)

WordPress Plugin Subscriber by BestWebSoft Cross-Site Scripting (1.3.4)

WordPress Plugin Child Theme Creator by Orbisius Cross-Site Request Forgery (1.5.1)

WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6)

Severity

High

Classification

CVE-2018-1000773 CWE-20 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities