cve/2023/CVE-2023-2996.md

### [CVE-2023-2996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2996)
![](https://img.shields.io/static/v1?label=Product&message=Jetpack&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=1.9%3C%202.0.9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)

### Description

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.

### POC

#### Reference
- https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663

#### Github
No PoCs found on GitHub currently.
Update CVE sources 2024-05-28 08:49 2024-05-28 08:49:17 +00:00			`### [CVE-2023-2996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2996)`
			`![](https://img.shields.io/static/v1?label=Product&message=Jetpack&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=1.9%3C%202.0.9%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen)`

			`### Description`

			`The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization.`

			`### POC`

			`#### Reference`
			`- https://wpscan.com/vulnerability/52d221bd-ae42-435d-a90a-60a5ae530663`

			`#### Github`
			`No PoCs found on GitHub currently.`