CVE Catalog

CVE-2016-20075

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

24th percentile - higher than 24% of all known CVEs

Summary

The WordPress Ultimate Product Catalog plugin version 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality.

Risk Assessment

Attackers can upload PHP shells, allowing them to execute arbitrary code on the server, which poses a serious security threat to the system.

Recommendation

It is recommended to update the plugin to the latest version and restrict file upload permissions to trusted roles only.

Original NVD description (English source)

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS