Description

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set an insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leading to remote code execution.

State: PUBLISHED | Reserved 2023-10-16 | Published 2023-11-27 | Updated 2025-06-05 | Assigner: WPScan

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unaffected

Any version before 2.7.1: affected

Credits

Rafael Aristodimou (finder)

WPScan (coordinator)

References

wpscan.com/...erability/4ce69d71-87bf-4d95-90f2-63d558c78b69 (exploit, vdb-entry, technical-description)

cve.org (CVE-2023-5604)

nvd.nist.gov (CVE-2023-5604)