4 matches found
CVE-2023-4216
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
CVE-2023-4216 Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the fileurl parameter when importing a CSV file, allowing high privilege users with the managewoocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however...
CVE-2023-4216
CVE-2023-4216 relates to the WordPress plugin Orders Tracking for WooCommerce (admin-facing) prior to version 1.2.6. The vulnerability stems from inadequate validation of the file_url parameter during CSV import, enabling a high-privilege administrator (manage_woocommerce) to perform a directory ...
WordPress Orders Tracking for WooCommerce Plugin < 1.2.6 is vulnerable to Directory Traversal
Software Orders Tracking for WooCommerce Type Plugin Vulnerable versions 1.2.6 Fixed in 1.2.6 OWASP Top 10 A1: Injection Classification Directory Traversal CVE CVE-2023-4216 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID bbc237527e13 Credits Utkarsh Agrawal Required...