Vulnerability Details CVE-2023-5957
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.3%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-5957
-
cpe:2.3:a:naziinfotech:ni_purchase_order(po)_for_woocommerce:1.2.1