Lucene search

K
cvelistPatchstackCVELIST:CVE-2023-25050
HistoryMay 17, 2024 - 6:34 a.m.

CVE-2023-25050 WordPress Shortcodes Ultimate plugin <= 5.12.6 - Arbitrary File Download vulnerability

2024-05-1706:34:45
CWE-22
Patchstack
www.cve.org
wordpress
shortcodes
arbitrary file download
path traversal
vova anokhin

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

10.5%

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate: from n/a through 5.12.6.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "shortcodes-ultimate",
    "product": "Shortcodes Ultimate",
    "vendor": "Vova Anokhin",
    "versions": [
      {
        "changes": [
          {
            "at": "5.12.7",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "5.12.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

10.5%

Related for CVELIST:CVE-2023-25050