Lucene search

[email protected]NVD:CVE-2023-0080

HistoryFeb 13, 2023 - 3:15 p.m.

CVE-2023-0080

2023-02-1315:15:20

[email protected]

web.nvd.nist.gov

customer reviews

woocommerce

wordpress

plugin

security

vulnerability

rce

file traversal

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.

Affected configurations

Nvd

Node

cusrevcustomer_reviews_for_woocommerceRange<5.16.0wordpress

VendorProductVersionCPE
cusrevcustomer_reviews_for_woocommerce*cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
cusrev	customer_reviews_for_woocommerce	*	cpe:2.3:a:cusrev:customer_reviews_for_woocommerce::::::wordpress::*

References

wpscan.com/vulnerability/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

43.5%

JSON

Related for NVD:CVE-2023-0080

prion1 cvelist1 cve1