CVE-2023-4930

Exploit

EPSS 0.1%
Veröffentlicht 06.11.2023 21:15:09
Zuletzt bearbeitet 26.02.2025 22:15:12
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Front End PM < 11.4.3 - Sensitive Information Exposure via Directory Listing

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Mögliche Gegenmaßnahme

Front End PM: Update to version 11.4.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Front End PM

Version [*, 11.4.3)

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shamimsplugins ≫ Front End Pm SwPlatformwordpress Version < 11.4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.272

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/8250c277-200a-4808-98ae-ede169aad3fd

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-4930

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-4930

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-4930

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-4930