The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2 | Exploit Third Party Advisory |
Configurations
History
14 Nov 2023, 15:33
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-552 | |
References | (MISC) https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2 - Exploit, Third Party Advisory | |
First Time |
Shamimsplugins
Shamimsplugins front End Pm |
|
CPE | cpe:2.3:a:shamimsplugins:front_end_pm:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
07 Nov 2023, 12:14
Type | Values Removed | Values Added |
---|---|---|
CWE |
06 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-06 21:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-4930
Mitre link : CVE-2023-4930
CVE.ORG link : CVE-2023-4930
JSON object : View
Products Affected
shamimsplugins
- front_end_pm
CWE
CWE-552
Files or Directories Accessible to External Parties