Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.21 views

CVE-2023-4216

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...

2.7CVSS6.6AI score0.00545EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/09/04 11:27 a.m.17 views

CVE-2023-4216 Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...

3.5AI score0.00545EPSS
Exploits2References1
CVE
CVE
added 2023/09/04 11:27 a.m.66 views

CVE-2023-4216

CVE-2023-4216 relates to the WordPress plugin Orders Tracking for WooCommerce (admin-facing) prior to version 1.2.6. The vulnerability stems from inadequate validation of the file_url parameter during CSV import, enabling a high-privilege administrator (manage_woocommerce) to perform a directory ...

2.7CVSS3.8AI score0.00545EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/08/17 12:0 a.m.13 views

WordPress Orders Tracking for WooCommerce Plugin < 1.2.6 is vulnerable to Directory Traversal

Software Orders Tracking for WooCommerce Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-4216 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID bbc237527e13 Credits Utkarsh Agrawal Required...

2.7CVSS7.2AI score0.00545EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder