4 matches found
CVE-2023-0080
The CVE-2023-0080 entry concerns the WordPress plugin Customer Reviews for WooCommerce (pre-5.16.0). The vulnerability arises from a deficient validation of a shortcode attribute, enabling users with a contributor role or higher to perform Local File Inclusion by traversing attributes to read arb...
CVE-2023-0080 Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI
The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...
CVE-2023-0080 Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI
The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their...
WordPress Customer Reviews for WooCommerce Plugin < 5.16.0 is vulnerable to Local File Inclusion
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions 5.16.0 Fixed in 5.16.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0080 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 2a336810763e Credits István Márton Required...