Lucene search

[email protected]CVE-2023-6989

HistoryFeb 05, 2024 - 10:15 p.m.

CVE-2023-6989

2024-02-0522:15:58

CWE-22

[email protected]

web.nvd.nist.gov

shield security

wordpress

local file inclusion

vulnerability

nvd

cve-2023-6989

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.

CPENameOperatorVersion
getshieldsecurity:shield_securitygetshieldsecurity shield securitylt18.5.10
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq3.2.0
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq5.0
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq2.0.1
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq1.8.1
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq5.17
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq7.3
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq5.9
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq18.0.0
getshieldsecurity:shield_securitygetshieldsecurity shield securityeq10.2.3

CPE	Name	Operator	Version
getshieldsecurity:shield_security	getshieldsecurity shield security	lt	18.5.10
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	3.2.0
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	5.0
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	2.0.1
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	1.8.1
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	5.17
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	7.3
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	5.9
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	18.0.0
getshieldsecurity:shield_security	getshieldsecurity shield security	eq	10.2.3

Rows per page:

1-10 of 2681

References

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.116 Low

EPSS

Percentile

95.3%

JSON

Related for CVE-2023-6989

prion1 nuclei1 wpvulndb1 wordfence2 cvelist1