8.8
CVE-2023-1273
- EPSS 1.68%
- Veröffentlicht 04.07.2023 08:15:10
- Zuletzt bearbeitet 21.11.2024 07:38:48
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginND Shortcodes < 7.0 - Subscriber+ LFI
ND Shortcodes <= 6.9 - Authenticated (Subscriber+) Local File Inclusion
The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
Mögliche Gegenmaßnahme
ND Shortcodes: Update to version 7.0, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nicdark ≫ Nd Shortcodes SwPlatformwordpress Version < 7.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
ND Shortcodes
Version
*-6.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.74 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
https://wpscan.com/vulnerability/0805ed7e-395d-48de-b484-6c3ec1cd4b8e
https://www.wordfence.com/threat-intel/vulnerabilities/id/9b9bd42f-cb24-483a-ae91-add4378067d9