Lucene search
+L

4 matches found

OSV
OSV
added 2023/12/18 8:15 p.m.4 views

CVE-2023-6295

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

7.2CVSS5.8AI score0.01034EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/12/18 8:8 p.m.38 views

CVE-2023-6295 so-widgets-bundle < 1.51.0 - Admin+ Local File Inclusion

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to perform LFI attacks in the context of Multisite WordPress sites...

7.1AI score0.01034EPSS
Exploits2References1
CVE
CVE
added 2023/12/18 8:8 p.m.72 views

CVE-2023-6295

CVE-2023-6295 affects the SiteOrigin Widgets Bundle on WordPress, specifically versions

7.2CVSS7AI score0.01034EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/11/29 12:0 a.m.16 views

WordPress SiteOrigin Widgets Bundle Plugin <= 1.50.1 is vulnerable to Local File Inclusion

Software SiteOrigin Widgets Bundle Type Plugin Vulnerable versions = 1.50.1 Fixed in 1.51.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-6295 Patch priority Low CVSS severity Low 7.4 Developer Claim ownership PSID d65c4e36bd60 Credits Sebastian Neef Required privile...

7.2CVSS6.8AI score0.01034EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder