Lucene search

[email protected]NVD:CVE-2023-4297

HistoryNov 27, 2023 - 5:15 p.m.

CVE-2023-4297

2023-11-2717:15:08

[email protected]

web.nvd.nist.gov

wordpress

file list

arbitrary directories

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.

Affected configurations

NVD

Node

mediamanifestommm_simple_file_listRange≤2.3wordpress

References

wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for NVD:CVE-2023-4297

wpvulndb1 wpexploit1 cvelist1 prion1 cve1 wordfence1