4 matches found
Directory traversal
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
CVE-2023-5414 Icegram Express <= 5.6.23 - Authenticated (Administrator+) Directory Traversal to Arbitrary File Read
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the showeslogs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including...
Path traversal
The WordPress File Upload and WordPress File Upload Pro plugins for WordPress are vulnerable to Path Traversal in versions up to, and including, 4.19.1 via the vulnerable parameter wfunewpath. This allows administrator-level attackers to move files uploaded with the plugin located in...