CVE-2023-0924

Published: May 2, 2023Modified: Jun 17, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install.

Affected (1)

Products: Zyrex: Popup

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zyrex Popup	Before 1.1

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/0fd0d7a5-9263-43b6-9244-7880c3d3e6f4

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.