Lucene search
+L

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.7 views

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.5CVSS7.7AI score0.00849EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/02/28 12:0 a.m.9 views

WordPress Correos Oficial Plugin <= 1.3.0.0 is vulnerable to Arbitrary File Download

Software Correos Oficial Type Plugin Vulnerable versions = 1.3.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-0331 Patch priority Low CVSS severity Low 8.6 Developer Claim ownership PSID 8d6ba27c44e0 Credits Andrea Iodice Required...

7.5CVSS6.9AI score0.00849EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2023/02/27 4:15 p.m.18 views

CVE-2023-0331

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.5CVSS7.6AI score0.00849EPSS
Exploits2References1
Prion
Prion
added 2023/02/27 4:15 p.m.16 views

Design/Logic Flaw

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

5CVSS7.6AI score0.00849EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/27 3:24 p.m.5 views

CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.8AI score0.00849EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/27 3:24 p.m.21 views

CVE-2023-0331 Correos Oficial <= 1.2.0.2 - Unauthenticated Arbitrary File Download

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server...

7.8AI score0.00849EPSS
Exploits2References1
CVE
CVE
added 2023/02/27 3:24 p.m.89 views

CVE-2023-0331

CVE-2023-0331 concerns the Correos Oficial WordPress plugin. The provided documents confirm a lack of authorization checks during file-path generation, enabling unauthenticated arbitrary file download from the server. Affected product: Correos Oficial WordPress plugin. Reported vulnerable version...

7.5CVSS7.6AI score0.00849EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.4 views

WordPress Plugin Correos Oficial SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

7.5CVSS7.8AI score0.00849EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2023/01/31 12:0 a.m.18 views

Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download

The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. PoC Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file:...

7.5CVSS7.8AI score0.00849EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/01/31 12:0 a.m.527 views

Correos Oficial <= 1.3.0.0 - Unauthenticated Arbitrary File Download

The plugin does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. Dependency: WooCommerce plugin Use the following curl command to download the contents of the wp-config.php file: curl...

7.5CVSS7.9AI score0.00849EPSS
Exploits2
Rows per page
Query Builder