Lucene search

WPScanCVELIST:CVE-2023-5355

HistoryNov 06, 2023 - 8:41 p.m.

CVE-2023-5355 Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion

2023-11-0620:41:57

WPScan

www.cve.org

cve-2023-5355

awesome support

arbitrary file deletion

wordpress plugin

sanitize file paths

temporary attachment files

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

16.2%

JSON

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Awesome Support",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "6.1.5"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/d6f7faca-dacf-4455-a837-0404803d0f25