Lucene search

[email protected]CVE-2023-4836

HistoryOct 31, 2023 - 2:15 p.m.

CVE-2023-4836

2023-10-3114:15:12

CWE-639

[email protected]

web.nvd.nist.gov

wordpress

file sharing plugin

authorization bypass

security vulnerability

cve-2023-4836

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.4 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced

VendorProductVersionCPE
wordpressupload_file_plugin*cpe:2.3:a:wordpress:upload_file_plugin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	upload_file_plugin	*	cpe:2.3:a:wordpress:upload_file_plugin::::::::

References

research.cleantalk.org/cve-2023-4836-user-private-files-idor-to-sensitive-data-and-private-files-exposure-leak-of-info-poc

wpscan.com/vulnerability/c17f2534-d791-4fe3-b45b-875777585dc6

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

7.4 High

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for CVE-2023-4836

wpvulndb1 wpexploit1 prion1 cvelist1