Lucene search
HistorySep 25, 2023 - 4:15 p.m.
CVE-2023-4238
cve-2023-4238
wordpress plugin
file upload
security vulnerability
nvd
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.4%
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
Affected configurations
Node
nextcloudfiles_access_controlRange<2.5.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| nextcloud | files_access_control | * | cpe:2.3:a:nextcloud:files_access_control:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Prevent files / folders access",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.5.2"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2023-4238
2023-09-25 16:15:14
prion
prion
Code injection
2023-09-25 16:15:00
wpvulndb
wpvulndb
Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
2023-08-30 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-4238
2023-09-11 23:53:11
wpexploit
wpexploit
Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
2023-08-30 00:00:00
cvelist
cvelist
wordfence
wordfence
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.4%
Related for CVE-2023-4238