CVE-2023-5816

30 Oct 2024

Título es

CVE-2023-5816

Mié, 30/10/2024 – 03:15

Tipo

CWE-73

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2023-5816

Descripción en

The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.

30/10/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.90

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://wordpress.org/plugins/code-explorer/#developers

https://www.wordfence.com/threat-intel/vulnerabilities/id/42ecc4e5-d660-472f-823d-a29b84cdf041?source=cve

Enviar en el boletín

Off

CVE-2023-5816

CVE-2023-5816

Jose Alexis Correa Valencia