Lucene search

CVE-2023-0720

🗓️ 08 Feb 2023 02:08:15Reported by WordfenceType

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass in versions up to 2.18.16

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Prion	Authorization	8 Feb 202302:15	–	prion
Cvelist	CVE-2023-0720	8 Feb 202301:03	–	cvelist
Vulnrichment	CVE-2023-0720	8 Feb 202301:03	–	vulnrichment
NVD	CVE-2023-0720	8 Feb 202302:15	–	nvd
Patchstack	WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control	8 Feb 202300:00	–	patchstack
WPVulnDB	Wicked Folders < 2.18.17 - Subscriber+ Folder Structure Update	7 Feb 202300:00	–	wpvulndb
Wordfence Blog	Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)	16 Feb 202315:21	–	wordfence

Nvd

Vulners

Node

wickedplugins wicked_foldersRange≤2.18.16wordpress

[
  {
    "vendor": "wickedplugins",
    "product": "Wicked Folders",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.18.16",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/8d392d0b-f286-44da-aa32-a08d0279baed

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

08 Feb 2023 02:15Current

4.7Medium risk

Vulners AI Score4.7

CVSS34.3 - 5.4

EPSS0.00049

SSVC

CWE-862