10 matches found
CVE-2023-0331
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
WordPress Correos Oficial Plugin <= 1.3.0.0 is vulnerable to Arbitrary File Download
Software Correos Oficial Type Plugin Vulnerable versions = 1.3.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-0331 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID 8d6ba27c44e0 Credits Andrea Iodice Required...
CVE-2023-0331
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
Design/Logic Flaw
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...
CVE-2023-0331
CVE-2023-0331 concerns the Correos Oficial WordPress plugin. The provided documents confirm a lack of authorization checks during file-path generation, enabling unauthenticated arbitrary file download from the server. Affected product: Correos Oficial WordPress plugin. Reported vulnerable version...
WordPress Plugin Correos Oficial SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...
Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download
The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. PoC Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file:...
Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download
The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file: curl...