Lucene search
K

4 matches found

CVE
CVE
added 2023/02/13 2:32 p.m.50 views

CVE-2023-0080

The CVE-2023-0080 entry concerns the WordPress plugin Customer Reviews for WooCommerce (pre-5.16.0). The vulnerability arises from a deficient validation of a shortcode attribute, enabling users with a contributor role or higher to perform Local File Inclusion by traversing attributes to read arb...

8.8CVSS8.7AI score0.01125EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.7 views

CVE-2023-0080 Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...

8.7AI score0.01125EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.25 views

CVE-2023-0080 Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...

8.8AI score0.01125EPSS
Exploits1References1
Patchstack
Patchstack
added 2023/01/23 12:0 a.m.20 views

WordPress Customer Reviews for WooCommerce Plugin < 5.16.0 is vulnerable to Local File Inclusion

Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions 5.16.0 Fixed in 5.16.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0080 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 2a336810763e Credits István Márton Required...

8.8CVSS6.9AI score0.01125EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder