Lucene search

[email protected]CVE-2023-23700

HistoryMay 17, 2024 - 7:15 a.m.

CVE-2023-23700

2024-05-1707:15:48

CWE-22

[email protected]

web.nvd.nist.gov

path traversal

directory restriction

oceanwp

nvd

vulnerability

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

6.8 Medium

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.2%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.

VendorProductVersionCPE
oceanwpocean_extra*cpe:2.3:a:oceanwp:ocean_extra:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oceanwp	ocean_extra	*	cpe:2.3:a:oceanwp:ocean_extra::::::::

References

patchstack.com/database/vulnerability/oceanwp/wordpress-oceanwp-theme-3-4-1-authenticated-local-file-inclusion-vulnerability?_s_id=cve

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

6.8 Medium

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

10.2%

JSON

Related for CVE-2023-23700

cvelist1 wordfence1