Lucene search

CVE-2023-0719

🗓️ 07 Feb 2023 22:45:56Reported by WordfenceType

The Wicked Folders plugin for WordPress has an authorization bypass vulnerability in versions up to 2.18.16, allowing authenticated attackers to perform admin actions

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 7
Patchstack	WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control	8 Feb 202300:00	–	patchstack
NVD	CVE-2023-0719	7 Feb 202323:15	–	nvd
Prion	Authorization	7 Feb 202323:15	–	prion
CVE	CVE-2023-0719	7 Feb 202323:15	–	cve
Vulnrichment	CVE-2023-0719	7 Feb 202322:56	–	vulnrichment
WPVulnDB	Wicked Folders < 2.18.17 - Subscriber+ Folder Structure Update	7 Feb 202300:00	–	wpvulndb
Wordfence Blog	Wordfence Intelligence CE Weekly Vulnerability Report (Feb 6, 2023 to Feb 12, 2023)	16 Feb 202315:21	–	wordfence

[
  {
    "vendor": "wickedplugins",
    "product": "Wicked Folders",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.18.16",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/wicked-folders/tags/2.18.16/lib/class-wicked-folders-ajax.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/9b26604b-2423-4130-b0ef-8f63a392c760
plugins	www.plugins.trac.wordpress.org/changeset

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

07 Feb 2023 22:56Current

5.5Medium risk

Vulners AI Score5.5

CVSS35.4

EPSS0.00061