Lucene search

[email protected]NVD:CVE-2023-5355

HistoryNov 06, 2023 - 9:15 p.m.

CVE-2023-5355

2023-11-0621:15:09

CWE-22

[email protected]

web.nvd.nist.gov

wordpress plugin

arbitrary file deletion

security vulnerability

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.

Affected configurations

NVD

Node

getawesomesupportawesome_supportRange<6.1.5wordpress

References

wpscan.com/vulnerability/d6f7faca-dacf-4455-a837-0404803d0f25

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

8.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

Related for NVD:CVE-2023-5355

cvelist1 cve1 prion1 wpexploit1 wpvulndb1