Lucene search
WPScanCVE-2023-0331HistoryFeb 27, 2023 - 4:15 p.m.
CVE-2023-0331
2023-02-2716:15:11
WPScan
web.nvd.nist.gov
41
cve-2023-0331
correos oficial
wordpress plugin
authorization check
user input validation
arbitrary file download
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
61.5%
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.
Affected configurations
Node
correoscorreos_oficialRange≤1.2.0.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| correos | correos_oficial | * | cpe:2.3:a:correos:correos_oficial:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Correos Oficial",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThanOrEqual": "1.2.0.2"
}
],
"defaultStatus": "affected"
}
]Related
cvelist
cvelist
nvd
nvd
CVE-2023-0331
2023-02-27 16:15:11
wpvulndb
wpvulndb
Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download
2023-01-31 00:00:00
prion
prion
Design/Logic Flaw
2023-02-27 16:15:00
wpexploit
wpexploit
Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download
2023-01-31 00:00:00
wordfence
wordfence
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
0.002
Percentile
61.5%
Related for CVE-2023-0331