Lucene search

PatchstackCVELIST:CVE-2023-24416

HistoryFeb 23, 2024 - 11:32 a.m.

CVE-2023-24416 WordPress All In One Favicon Plugin <= 4.7 is vulnerable to Arbitrary File Deletion

2024-02-2311:32:58

CWE-22

Patchstack

www.cve.org

cve-2023-24416

arbitrary file deletion

path traversal

wordpress

all in one favicon plugin

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

EPSS

Percentile

10.5%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Arne Franken All In One Favicon.This issue affects All In One Favicon: from n/a through 4.7.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "all-in-one-favicon",
    "product": "All In One Favicon",
    "vendor": "Arne Franken",
    "versions": [
      {
        "changes": [
          {
            "at": "4.8",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "4.7",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/all-in-one-favicon/wordpress-all-in-one-favicon-plugin-4-7-arbitrary-file-deletion-vulnerability?_s_id=cve

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

EPSS

Percentile

10.5%

JSON

Related for CVELIST:CVE-2023-24416