CVE-2023-47840

2023-12-2909:15:09

CWE-94

[email protected]

web.nvd.nist.gov

cve-2023-47840

code injection

qode interactive

qode essential addons

vulnerability

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.

Affected configurations

Vulners

NVD

Node

qode_interactiveqode_essential_addonsRange≤1.5.2

CPENameOperatorVersion
qodeinteractive:qode_essential_addonsqodeinteractive qode essential addonsle1.5.2

CPE	Name	Operator	Version
qodeinteractive:qode_essential_addons	qodeinteractive qode essential addons	le	1.5.2

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "qode-essential-addons",
    "product": "Qode Essential Addons",
    "vendor": "Qode Interactive",
    "versions": [
      {
        "changes": [
          {
            "at": "1.5.3",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.5.2",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/qode-essential-addons/wordpress-qode-essential-addons-plugin-1-5-2-arbitrary-plugin-installation-and-activation-vulnerability?_s_id=cve