{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-2996","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2023-05-30T19:10:08.911Z","datePublished":"2023-06-27T13:17:07.479Z","dateUpdated":"2024-12-05T16:48:09.882Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-06-27T13:17:07.479Z"},"title":"Jetpack < 12.1.1 - Author+ Arbitrary File Manipulation via API","problemTypes":[{"descriptions":[{"description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Jetpack","versions":[{"status":"affected","versionType":"custom","version":"1.9","lessThan":"2.0.9"},{"status":"affected","versionType":"custom","version":"2.1","lessThan":"2.1.7"},{"status":"affected","versionType":"custom","version":"2.2","lessThan":"2.2.10"},{"status":"affected","versionType":"custom","version":"2.3","lessThan":"2.3.10"},{"status":"affected","versionType":"custom","version":"2.4","lessThan":"2.4.7"},{"status":"affected","versionType":"custom","version":"2.5","lessThan":"2.5.5"},{"status":"affected","versionType":"custom","version":"2.6","lessThan":"2.6.6"},{"status":"affected","versionType":"custom","version":"2.7","lessThan":"2.7.5"},{"status":"affected","versionType":"custom","version":"2.8","lessThan":"2.8.5"},{"status":"affected","versionType":"custom","version":"2.9","lessThan":"2.9.6"},{"status":"affected","versionType":"custom","version":"3.0","lessThan":"3.0.6"},{"status":"affected","versionType":"custom","version":"3.1","lessThan":"3.1.5"},{"status":"affected","versionType":"custom","version":"3.2","lessThan":"3.2.5"},{"status":"affected","versionType":"custom","version":"3.3","lessThan":"3.3.6"},{"status":"affected","versionType":"custom","version":"3.4","lessThan":"3.4.6"},{"status":"affected","versionType":"custom","version":"3.5","lessThan":"3.5.6"},{"s
tatus":"affected","versionType":"custom","version":"3.6","lessThan":"3.6.4"},{"status":"affected","versionType":"custom","version":"3.7","lessThan":"3.7.5"},{"status":"affected","versionType":"custom","version":"3.8","lessThan":"3.8.5"},{"status":"affected","versionType":"custom","version":"3.9","lessThan":"3.9.9"},{"status":"affected","versionType":"custom","version":"4.0","lessThan":"4.0.6"},{"status":"affected","versionType":"custom","version":"4.1","lessThan":"4.1.3"},{"status":"affected","versionType":"custom","version":"4.2","lessThan":"4.2.4"},{"status":"affected","versionType":"custom","version":"4.3","lessThan":"4.3.4"},{"status":"affected","versionType":"custom","version":"4.4","lessThan":"4.4.4"},{"status":"affected","versionType":"custom","version":"4.5","lessThan":"4.5.2"},{"status":"affected","versionType":"custom","version":"4.6","lessThan":"4.6.2"},{"status":"affected","versionType":"custom","version":"4.7","lessThan":"4.7.3"},{"status":"affected","versionType":"custom","version":"4.8","lessThan":"4.8.4"},{"status":"affected","versionType":"custom","version":"4.9","lessThan":"4.9.2"},{"status":"affected","versionType":"custom","version":"5.0","lessThan":"5.0.2"},{"status":"affected","versionType":"custom","version":"5.1","lessThan":"5.1.3"},{"status":"affected","versionType":"custom","version":"5.2","lessThan":"5.2.4"},{"status":"affected","versionType":"custom","version":"5.3","lessThan":"5.3.3"},{"status":"affected","versionType":"custom","version":"5.4","lessThan":"5.4.3"},{"status":"affected","versionType":"custom","version":"5.5","lessThan":"5.5.4"},{"status":"affected","versionType":"custom","version":"5.6","lessThan":"5.6.4"},{"status":"affected","versionType":"custom","version":"5.7","lessThan":"5.7.4"},{"status":"affected","versionType":"custom","version":"5.8","lessThan":"5.8.3"},{"status":"affected","versionType":"custom","version":"5.9","lessThan":"5.9.3"},{"status":"affected","versionType":"custom","version":"6.0","lessThan":"6.0.3"},{"s
tatus":"affected","versionType":"custom","version":"6.1","lessThan":"6.1.4"},{"status":"affected","versionType":"custom","version":"6.2","lessThan":"6.2.4"},{"status":"affected","versionType":"custom","version":"6.3","lessThan":"6.3.6"},{"status":"affected","versionType":"custom","version":"6.4","lessThan":"6.4.5"},{"status":"affected","versionType":"custom","version":"6.5","lessThan":"6.5.3"},{"status":"affected","versionType":"custom","version":"6.6","lessThan":"6.6.4"},{"status":"affected","versionType":"custom","version":"6.7","lessThan":"6.7.3"},{"status":"affected","versionType":"custom","version":"6.8","lessThan":"6.8.4"},{"status":"affected","versionType":"custom","version":"6.9","lessThan":"6.9.3"},{"status":"affected","versionType":"custom","version":"7.0","lessThan":"7.0.4"},{"status":"affected","versionType":"custom","version":"7.1","lessThan":"7.1.4"},{"status":"affected","versionType":"custom","version":"7.2","lessThan":"7.2.4"},{"status":"affected","versionType":"custom","version":"7.3","lessThan":"7.3.4"},{"status":"affected","versionType":"custom","version":"7.4","lessThan":"7.4.4"},{"status":"affected","versionType":"custom","version":"7.5","lessThan":"7.5.6"},{"status":"affected","versionType":"custom","version":"7.6","lessThan":"7.6.3"},{"status":"affected","versionType":"custom","version":"7.7","lessThan":"7.7.5"},{"status":"affected","versionType":"custom","version":"7.8","lessThan":"7.8.3"},{"status":"affected","versionType":"custom","version":"7.9","lessThan":"7.9.3"},{"status":"affected","versionType":"custom","version":"8.0","lessThan":"8.0.2"},{"status":"affected","versionType":"custom","version":"8.1","lessThan":"8.1.3"},{"status":"affected","versionType":"custom","version":"8.2","lessThan":"8.2.5"},{"status":"affected","versionType":"custom","version":"8.3","lessThan":"8.3.2"},{"status":"affected","versionType":"custom","version":"8.4","lessThan":"8.4.4"},{"status":"affected","versionType":"custom","version":"8.5","lessThan":"8.5.2"},{"s
tatus":"affected","versionType":"custom","version":"8.6","lessThan":"8.6.3"},{"status":"affected","versionType":"custom","version":"8.7","lessThan":"8.7.3"},{"status":"affected","versionType":"custom","version":"8.8","lessThan":"8.8.4"},{"status":"affected","versionType":"custom","version":"8.9","lessThan":"8.9.3"},{"status":"affected","versionType":"custom","version":"9.0","lessThan":"9.0.4"},{"status":"affected","versionType":"custom","version":"9.1","lessThan":"9.1.2"},{"status":"affected","versionType":"custom","version":"9.2","lessThan":"9.2.3"},{"status":"affected","versionType":"custom","version":"9.3","lessThan":"9.3.4"},{"status":"affected","versionType":"custom","version":"9.4","lessThan":"9.4.3"},{"status":"affected","versionType":"custom","version":"9.5","lessThan":"9.5.4"},{"status":"affected","versionType":"custom","version":"9.6","lessThan":"9.6.3"},{"status":"affected","versionType":"custom","version":"9.7","lessThan":"9.7.2"},{"status":"affected","versionType":"custom","version":"9.8","lessThan":"9.8.2"},{"status":"affected","versionType":"custom","version":"9.9","lessThan":"9.9.2"},{"status":"affected","versionType":"custom","version":"10.0","lessThan":"10.0.1"},{"status":"affected","versionType":"custom","version":"10.1","lessThan":"10.1.1"},{"status":"affected","versionType":"custom","version":"10.2","lessThan":"10.2.2"},{"status":"affected","versionType":"custom","version":"10.3","lessThan":"10.3.1"},{"status":"affected","versionType":"custom","version":"10.4","lessThan":"10.4.1"},{"status":"affected","versionType":"custom","version":"10.5","lessThan":"10.5.2"},{"status":"affected","versionType":"custom","version":"10.6","lessThan":"10.6.2"},{"status":"affected","versionType":"custom","version":"10.7","lessThan":"10.7.1"},{"status":"affected","versionType":"custom","version":"10.8","lessThan":"10.8.1"},{"status":"affected","versionType":"custom","version":"10.9","lessThan":"10.9.2"},{"status":"affected","versionType":"custom","version":"11.0","l
essThan":"11.0.1"},{"status":"affected","versionType":"custom","version":"11.1","lessThan":"11.1.3"},{"status":"affected","versionType":"custom","version":"11.2","lessThan":"11.2.1"},{"status":"affected","versionType":"custom","version":"11.3","lessThan":"11.3.3"},{"status":"affected","versionType":"custom","version":"11.4","lessThan":"11.4.1"},{"status":"affected","versionType":"custom","version":"11.5","lessThan":"11.5.2"},{"status":"affected","versionType":"custom","version":"11.6","lessThan":"11.6.1"},{"status":"affected","versionType":"custom","version":"11.7","lessThan":"11.7.2"},{"status":"affected","versionType":"custom","version":"11.8","lessThan":"11.8.5"},{"status":"affected","versionType":"custom","version":"11.9","lessThan":"11.9.2"},{"status":"affected","versionType":"custom","version":"12.0","lessThan":"12.0.1"},{"status":"affected","versionType":"custom","version":"12.1","lessThan":"12.1.1"}],"defaultStatus":"unaffected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, delete arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization."}],"references":[{"url":"https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663","tags":["exploit","vdb-entry","technical-description"]},{"url":"https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/","tags":["vendor-advisory"]}],"credits":[{"lang":"en","value":"Miguel Neto","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:41:03.950Z"},"title":"CVE Program 
Container","references":[{"url":"https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663","tags":["exploit","vdb-entry","technical-description","x_transferred"]},{"url":"https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/","tags":["vendor-advisory","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-05T16:47:57.983039Z","id":"CVE-2023-2996","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-05T16:48:09.882Z"}}]}}