CVE-2023-3814

EPSS 0.16%
Published 04.09.2023 12:15:09
Last modified 06.03.2025 16:15:42
Source contact@wpscan.com
Teams watchlist Login
Open Login

The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Advancedfilemanager ≫ Advanced File Manager SwPlatformwordpress Version < 5.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.372

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://wpscan.com/vulnerability/ca954ec6-6ebd-4d72-a323-570474e2e339

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3814

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3814

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3814

EUVD