[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvxhkhJduxEwGfukWnve2wKr3WlHOii145k9xCUG5eBw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-5604","asgaros-forum-insufficient-authorization-to-authenticated-admin-arbitrary-file-upload","Asgaros Forum \u003C= 2.7.0 - Insufficient Authorization to Authenticated (Admin+) Arbitrary File Upload","The Asgaros Forum plugin for WordPress is vulnerable to unauthorized control of the plugin's settings due to an insufficient capability check on the forum options update in all versions up to 2.7.1 (exclusive). This makes it possible for authenticated attackers, with administrator-level access and above, to modify the plugin's settings so that they can upload malicious PHP files that can be used for remote code execution.","asgaros-forum",null,"\u003C2.7.1","2.7.1","medium",6.6,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:U\u002FC:H\u002FI:H\u002FA:H","Unrestricted Upload of File with Dangerous Type","2023-12-06 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F63b472fb-c853-4e56-b34c-3cf986c4cf80?source=api-prod",48]