Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.5 views

CVE-2023-1273

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

8.8CVSS6.7AI score0.01683EPSS
Exploits2References1
NVD
NVD
added 2023/07/04 8:15 a.m.21 views

CVE-2023-1273

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks...

8.8CVSS8.6AI score0.01683EPSS
Exploits2References1
CVE
CVE
added 2023/07/04 7:23 a.m.60 views

CVE-2023-1273

CVE-2023-1273 affects the WordPress plugin ND Shortcodes (before 7.0). The issue is that some shortcode attributes used to generate include paths are not validated, allowing an authenticated user (e.g., a subscriber) to perform a Local File Inclusion (LFI) attack by manipulating the path. Public ...

8.8CVSS8.6AI score0.01683EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.11 views

WordPress ND Shortcodes For Visual Composer Plugin < 7.0 is vulnerable to Local File Inclusion

Software ND Shortcodes For Visual Composer Type Plugin Vulnerable versions 7.0 Fixed in 7.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-1273 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0d5d6aec821b Credits Erwan LR WPScan Required...

8.8CVSS6.8AI score0.01683EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder