[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":17,"vulnerability-14378":24},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},["Island",18],{"key":19,"params":20,"result":22},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":21},"{\"text-color\":\"gray\"}",{"head":23},{},{"id":25,"detectable_with":26,"vuln_details":33,"vuln_id":53,"name":54,"published":55,"updated":34},14378,{"tool":27,"engine":30},{"id":28,"name":29},1,"Network Scanner",{"id":31,"name":32},3,"OpenVAS",{"id":25,"codename":34,"description":34,"severity":35,"risk_description":36,"public_description":37,"public_recommendation":38,"recommendation":34,"references":39,"cvssv3":45,"epss_score":46,"epss_percentile":47,"cve":48,"in_cisa_catalog":51,"date":52,"software_type":34,"vendor":34,"product":34,"ptt_exploit_capabilities":34},null,"medium","The following vulnerabilities exist: - CVE-2018-14028: Plugins uploaded via the admin area are not verified as being ZIP files. - CVE-2018-1000773: An input validation vulnerability in thumbnail processing that can result in remote code execution due to an incomplete fix for CVE-2017-1000600. - CVE-2018-14028: Successful exploitation will allow remote attackers to upload php files in a predictable wp-content/uploads location and execute them. - CVE-2018-1000773: An attacker may leverage this issue to upload arbitrary files to the affected computer. This can result in arbitrary code execution within the context of the vulnerable application.","WordPress is prone to multiple vulnerabilities.","No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.",[40,41,42,43,44],"https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress","https://core.trac.wordpress.org/ticket/44710","https://github.com/rastating/wordpress-exploit-framework/pull/52","http://www.securityfocus.com/bid/105306","https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/",7.2,0.27765,0.9643,[49,50],"CVE-2018-14028","CVE-2018-1000773",false,"2018-09-06T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.813910","WordPress \u003C= 4.9.8 Multiple Vulnerabilities - Windows","2018-08-13T00:00:00Z"]