Lucene search

WordfenceCVELIST:CVE-2023-3813

HistoryJul 21, 2023 - 2:04 a.m.

CVE-2023-3813

2023-07-2102:04:26

Wordfence

www.cve.org

wordpress

arbitrary file download

vulnerability

unauthenticated attackers

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

42.0%

JSON

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated.

CNA Affected

[
  {
    "vendor": "artbees/",
    "product": "Jupiter X Core",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "2.5.0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/utils.php?rev=2777235#L425

www.wordfence.com/threat-intel/vulnerabilities/id/f767d94b-fe92-4b69-9d81-96de51e12983?source=cve

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

42.0%

JSON

Related for CVELIST:CVE-2023-3813