vulnerability
WordPress Plugin: asgaros-forum: CVE-2023-5604: Unrestricted Upload of File with Dangerous Type
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:M/C:C/I:C/A:C) | Dec 6, 2023 | May 15, 2025 | May 5, 2026 |
Severity
8
CVSS
(AV:N/AC:M/Au:M/C:C/I:C/A:C)
Published
Dec 6, 2023
Added
May 15, 2025
Modified
May 5, 2026
Description
The Asgaros Forum plugin for WordPress is vulnerable to unauthorized control of the plugin's settings due to an insufficient capability check on the forum options update in all versions up to 2.7.1 (exclusive). This makes it possible for authenticated attackers, with administrator-level access and above, to modify the plugin's settings so that they can upload malicious PHP files that can be used for remote code execution.
Solution
asgaros-forum-plugin-cve-2023-5604
References
- https://www.cve.org/CVERecord?id=CVE-2023-5604
- https://www.wordfence.com/threat-intel/vulnerabilities/id/63b472fb-c853-4e56-b34c-3cf986c4cf80?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-57897
- CVE-2023-5604
- https://attackerkb.com/topics/CVE-2023-5604
- CWE-94
- CWE-434
- EUVD-EUVD-2023-57897
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.