Lucene search
WpvulndbWPVDB-ID:C4B0CF5E-16D0-4084-8FBF-CD3AF423832EHistoryJan 20, 2024 - 12:00 a.m.
WP Recipe Maker < 9.1.1 - Directory Traversal
2024-01-2000:00:00
wpscan.com
2
directory traversal
shortcodes
svg files
cross-site scripting
authentication
contributor-level access
Description The plugin is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the ‘icon’ attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.
| CPE | Name | Operator | Version |
|---|---|---|---|
| eq | 9.1.1 |
Related
cve
cve
CVE-2024-0380
2024-02-05 22:16:01
prion
prion
Cross site scripting
2024-02-05 22:16:00
cvelist
cvelist
CVE-2024-0380
2024-02-05 21:21:42
nvd
nvd
CVE-2024-0380
2024-02-05 22:16:01
vulnrichment
vulnrichment
CVE-2024-0380
2024-02-05 21:21:42
wordfence
wordfence
6.4 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
16.4%
Related for WPVDB-ID:C4B0CF5E-16D0-4084-8FBF-CD3AF423832E