Japan Vulnerability Notes, JVN:97127032
Jun 27, 2023 - 12:00 a.m.

JVN#97127032: WordPress Plugin "Snow Monkey Forms" vulnerable to directory traversal

2023-06-27 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS3: 9.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS: 0.003 (Percentile: 71.8%)

WordPress Plugin “Snow Monkey Forms” provided by Monkey Wrench Inc. contains a directory traversal vulnerability (CWE-22).

Impact

Arbitrary files on the server may be deleted by a remote attacker.

Solution

Update the plugin
Update the plugin according to the information provided by the developer.

Products Affected

  • Snow Monkey Forms v5.1.1 and earlier
    [2023/07/14 Update]
    When this advisory was first published on June 27, 2023, the affected versions were described as “5.1.0 and earlier”. However, the reporter found that the fix in version 5.1.1 was not adequate. Version 5.1.2, which contains the fix, was therefore released later.
