Lucene search

K
cve[email protected]CVE-2023-6592
HistoryJan 16, 2024 - 4:15 p.m.

CVE-2023-6592

2024-01-1616:15:13
web.nvd.nist.gov
16
fastdup
wordpress
plugin
directory listing
sensitive directories
vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files.

Affected configurations

Vulners
NVD
Node
ninjateamfastdupRange<2.2
VendorProductVersionCPE
ninjateamfastdup*cpe:2.3:a:ninjateam:fastdup:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "FastDup",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%