CVE-2023-6583

The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:codection:import_and_export_users_and_customers:*:*:*:*:*:wordpress:*:*

History

17 Jan 2024, 18:42

Type Values Removed Values Added
First Time Codection import And Export Users And Customers
Codection
CWE CWE-22
CPE cpe:2.3:a:codection:import_and_export_users_and_customers:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset/3007057/ - () https://plugins.trac.wordpress.org/changeset/3007057/ - Patch

11 Jan 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-11 09:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-6583

Mitre link : CVE-2023-6583

CVE.ORG link : CVE-2023-6583


JSON object : View

Products Affected

codection

  • import_and_export_users_and_customers
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')