The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/71956598-90aa-4557-947a-c4716674543d | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:00
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-03-20 16:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-0340
Mitre link : CVE-2023-0340
CVE.ORG link : CVE-2023-0340
JSON object : View
Products Affected
custom_content_shortcode_project
- custom_content_shortcode
CWE
No CWE.