exploitDog

CVE-2023-5816

Опубликовано: 30 окт. 2024

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.

Ссылки

https://wordpress.org/plugins/code-explorer/#developers
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/42ecc4e5-d660-472f-823d-a29b84cdf041?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bowo:code_explorer:*:*:*:*:*:wordpress:*:*

Версия до 1.4.5 (включая)

EPSS

Процентиль: 57%

0.00347

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-73

NVD-CWE-Other

Связанные уязвимости

GHSA-g463-pw3x-jmj3

CVSS3: 4.9

github

больше 1 года назад

The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.

EPSS

Процентиль: 57%

0.00347

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-73

NVD-CWE-Other