6.5
CVE-2023-4930
- EPSS 0.41%
- Veröffentlicht 06.11.2023 21:15:09
- Zuletzt bearbeitet 26.02.2025 22:15:12
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginFront End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing
Front End PM < 11.4.3 - Sensitive Information Exposure via Directory Listing
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
Mögliche Gegenmaßnahme
Front End PM: Update to version 11.4.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Shamimsplugins ≫ Front End Pm SwPlatformwordpress Version < 11.4.3
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Front End PM
Version
[*, 11.4.3)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.41% | 0.324 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.
https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2
https://www.wordfence.com/threat-intel/vulnerabilities/id/8250c277-200a-4808-98ae-ede169aad3fd