CVE-2023-1406

CVSS V2 None CVSS V3 None
Description
The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.
Overview
  • CVE ID
  • CVE-2023-1406
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-04-10T14:15:09
  • Last Modified Date
  • 2023-04-24T13:15:07
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:crocoblock:jetengine_for_elementor:*:*:*:*:*:wordpress:*:* 1 OR 3.1.3.1
References
Reference URL Reference Tags
https://wpscan.com/vulnerability/2a81b6b1-2339-4889-9c28-1af133df8b65 Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 04:26:15 Added to TrackCVE
2023-04-17 04:26:18 Weakness Enumeration new
2023-04-24 14:00:51 2023-04-24T13:15:07 CVE Modified Date updated
2023-04-24 14:00:51 Analyzed Modified Vulnerability Status updated