CVE-2023-0331

creationtimestamp| type| source ---|---|--- 2025-03-11 04:41:13+00:00| seen| Telegram/verr2kkTvQr11ruplv8-DSgMbBp8HY7Wi1a9f9nPbtmKO6M6...

WordPress Correos Oficial Plugin <= 1.3.0.0 is vulnerable to Arbitrary File Download

Software Correos Oficial Type Plugin Vulnerable versions = 1.3.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-0331 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID 8d6ba27c44e0 Credits Andrea Iodice Required...

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

CVE-2023-0331

CVE-2023-0331 concerns the Correos Oficial WordPress plugin. The provided documents confirm a lack of authorization checks during file-path generation, enabling unauthenticated arbitrary file download from the server. Affected product: Correos Oficial WordPress plugin. Reported vulnerable version...