Lucene search
PatchstackCVELIST:CVE-2023-37888HistoryMay 17, 2024 - 6:48 a.m.
CVE-2023-37888 WordPress Phlox Core Elements plugin <= 2.14.0 - Unauthenticated Local File Inclusion vulnerability
2024-05-1706:48:40
CWE-22
Patchstack
www.cve.org
2
wordpress
phlox core plugin
unauthenticated
local file inclusion
path traversal
by averta shortcodes
php
vulnerability
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS
0
Percentile
10.5%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "auxin-elements",
"product": "Shortcodes and extra features for Phlox theme",
"vendor": "By Averta",
"versions": [
{
"changes": [
{
"at": "2.15.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.14.0",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-37888
2024-05-17 07:15:57
wpvulndb
wpvulndb
cve
cve
CVE-2023-37888
2024-05-17 07:15:57
wordfence
wordfence
CVSS3
7.6
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS
0
Percentile
10.5%
Related for CVELIST:CVE-2023-37888