CVE-2023-6583
MEDIUM 6.6
Description
The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.
CVE details
CVSS v3.1 score: 6.6
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: HIGH
Privileges required: HIGH
User interaction: NONE
Published: 1/11/2024
Last modified: 4/8/2026
Source: nvd
Honeypot sightings: 0
Affected products
codection:import_and_export_users_and_customers
Weaknesses (CWE)
CWE-98, CWE-22
References
https://plugins.trac.wordpress.org/changeset/3007057/ (security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve (security@wordfence.com)
https://plugins.trac.wordpress.org/changeset/3007057/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.