WPVDB-ID: 76819186-A1D7-489C-91C5-6A99A3732C44
History: Apr 29, 2024 - 12:00 a.m.

Sendinblue for WooCommerce < 4.0.18 - Authenticated (Editor+) Arbitrary File Download and Deletion

2024-04-29 00:00:00
wpscan.com
sendinblue
woocommerce
wordpress
arbitrary file download
deletion
vulnerable plugin
file validation
authenticated attackers
editor-level access

CVSS3: 8.5
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW

AI Score: 6.9
Confidence: High
EPSS: 0
Percentile: 10.5%

Description: The Brevo for WooCommerce plugin (formerly Sendinblue for WooCommerce) for WordPress is vulnerable to arbitrary file download and deletion in all versions up to and including 4.0.17; the issue is fixed in 4.0.18. The plugin does not validate the file names passed to its get_file_contents and delete_attachment functions, so a file name containing path components is used as-is. This makes it possible for authenticated attackers with Editor-level access or above to download and delete arbitrary files the web server process can reach.
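The bug class in the description is a file name that is joined onto a directory and handed straight to the filesystem. The PHP below is an added illustration and is not the plugin's own code: the function names (vulnerable_read, safe_attachment_path, safe_delete), the allowed extensions and the demo directory are all assumptions made for this example. It shows the unvalidated pattern beside a hardened form that confines the resolved path to one directory, then exercises both against a constructed temp directory (runs stand-alone with PHP 8.0 or later).

```php
<?php
// Added example for this advisory, not the plugin's code. All names here are
// hypothetical; the advisory only names get_file_contents and delete_attachment.
declare(strict_types=1);

// Vulnerable pattern: untrusted $name is concatenated onto a directory and used
// directly, so "../secret.txt" walks out of $dir. This is the shape of the flaw
// described above, written here for illustration only.
function vulnerable_read(string $dir, string $name): string|false
{
    return @file_get_contents($dir . '/' . $name);
}

// Hardened form: accept only a bare file name from a short allow-list of
// extensions, resolve it with realpath() (which also follows symlinks), and
// require the result to stay under the base directory.
function safe_attachment_path(string $base_dir, string $name): ?string
{
    if ($name === '' || $name !== basename($name)) {       // no separators, no ".."
        return null;
    }
    if (str_contains($name, "\0") || $name[0] === '.') {   // no NUL bytes, no dotfiles
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9._-]+\.(csv|txt|pdf)$/', $name)) { // assumed allow-list
        return null;
    }
    $base      = realpath($base_dir);
    $candidate = realpath($base_dir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $candidate === false) {
        return null;                                        // base missing or file missing
    }
    if (!str_starts_with($candidate, $base . DIRECTORY_SEPARATOR)) {
        return null;                                        // symlink or other escape
    }
    return $candidate;
}

// Deletion goes through the same confinement. In a real WordPress handler this
// would additionally sit behind a capability check (current_user_can()) and a
// nonce check, which this stand-alone script omits.
function safe_delete(string $base_dir, string $name): bool
{
    $path = safe_attachment_path($base_dir, $name);
    return $path !== null && unlink($path);
}

// Constructed demo layout: <tmp>/uploads/export.csv is legitimate,
// <tmp>/secret.txt stands in for a file outside the upload directory.
$tmp = sys_get_temp_dir() . '/attach_' . bin2hex(random_bytes(4));
mkdir($tmp . '/uploads', 0700, true);
file_put_contents($tmp . '/uploads/export.csv', "id,email\n");
file_put_contents($tmp . '/secret.txt', "DB_PASSWORD=example\n");
$uploads = $tmp . '/uploads';

var_dump(vulnerable_read($uploads, '../secret.txt') !== false);   // bool(true): traversal succeeds
var_dump(safe_attachment_path($uploads, '../secret.txt'));         // NULL: rejected
var_dump(safe_attachment_path($uploads, 'export.csv') !== null);   // bool(true): allowed

symlink($tmp . '/secret.txt', $uploads . '/link.txt');             // symlink escape attempt
var_dump(safe_attachment_path($uploads, 'link.txt'));              // NULL: realpath leaves base

var_dump(safe_delete($uploads, '../secret.txt'));                  // bool(false)
var_dump(safe_delete($uploads, 'export.csv'));                     // bool(true)

// Clean up the demo directory.
unlink($uploads . '/link.txt');
unlink($tmp . '/secret.txt');
rmdir($uploads);
rmdir($tmp);
```

The check worth noting is the realpath() comparison: stripping "../" alone does not stop a symlink placed in the upload directory (Editors can upload media), so the resolved path, not the requested name, is what must be compared against the base directory.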

