Lucene search

PatchstackCVELIST:CVE-2023-25050

HistoryMay 17, 2024 - 6:34 a.m.

CVE-2023-25050 WordPress Shortcodes Ultimate plugin <= 5.12.6 - Arbitrary File Download vulnerability

2024-05-1706:34:45

CWE-22

Patchstack

www.cve.org

wordpress

shortcodes

arbitrary file download

path traversal

vova anokhin

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

10.5%

JSON

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "shortcodes-ultimate",
    "product": "Shortcodes Ultimate",
    "vendor": "Vova Anokhin",
    "versions": [
      {
        "changes": [
          {
            "at": "5.12.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.12.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/shortcodes-ultimate/wordpress-shortcodes-ultimate-plugin-5-12-6-arbitrary-file-download-vulnerability?_s_id=cve

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVELIST:CVE-2023-25050