CVE-2023-3814

EPSS 0.16%
Veröffentlicht 04.09.2023 12:15:09
Zuletzt bearbeitet 06.03.2025 16:15:42
Quelle contact@wpscan.com
Teams Watchlist Login
Unerledigt Login

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Advancedfilemanager ≫ Advanced File Manager SwPlatformwordpress Version < 5.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.372

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3814

EUVD