Lucene search

PatchstackCVELIST:CVE-2023-51500

HistoryApr 17, 2024 - 10:47 a.m.

CVE-2023-51500 WordPress Uncode Core plugin <= 2.8.8 - Arbitrary File Deletion vulnerability

2024-04-1710:47:57

CWE-862

Patchstack

www.cve.org

cve-2023-51500

wordpress

uncode core

arbitrary file deletion

missing authorization

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Missing Authorization vulnerability in Undsgn Uncode Core.This issue affects Uncode Core: from n/a through 2.8.8.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Uncode Core",
    "vendor": "Undsgn",
    "versions": [
      {
        "changes": [
          {
            "at": "2.8.9",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "2.8.8",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/uncode-core/wordpress-uncode-core-plugin-2-8-8-arbitrary-file-deletion-vulnerability?_s_id=cve

7.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-51500