The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/3007057/ | Patch |
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Jan 2024, 18:42
Type | Values Removed | Values Added |
---|---|---|
First Time |
Codection import And Export Users And Customers
Codection |
|
CWE | CWE-22 | |
CPE | cpe:2.3:a:codection:import_and_export_users_and_customers:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve - Third Party Advisory | |
References | () https://plugins.trac.wordpress.org/changeset/3007057/ - Patch |
11 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-11 09:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-6583
Mitre link : CVE-2023-6583
CVE.ORG link : CVE-2023-6583
JSON object : View
Products Affected
codection
- import_and_export_users_and_customers
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')