Key Information Summary

Vulnerability Description

Name: WordPress Plugin N-Media Post Front-end Form Arbitrary File Upload (1.0)

Description: This vulnerability allows an attacker to upload arbitrary files because the application fails to properly validate user-supplied input. An attacker can use it to upload arbitrary code and run it in the context of the web server process, which may lead to attacks such as unauthorized access or privilege escalation.

Remediation: Update the plugin to version 1.1 or later.

Severity and Classification

Severity: High

Classification:
- CWE-434
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Unauthenticated File Upload

References

- PluginVulnerabilities.com
- WordPress.org plugin page