← Volver a CVEs
CVE-2023-6583
MEDIUM6.6
Descripcion
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.
Detalles CVE
Puntuacion CVSS v3.16.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado1/11/2024
Ultima modificacion4/8/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
codection:import_and_export_users_and_customers
Debilidades (CWE)
CWE-98CWE-22
Referencias
https://plugins.trac.wordpress.org/changeset/3007057/(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve(security@wordfence.com)
https://plugins.trac.wordpress.org/changeset/3007057/(af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.