Lucene search

WpvulndbWPVDB-ID:E50754E3-1833-4601-805F-BD3BDB5D6B7E

HistoryApr 29, 2024 - 12:00 a.m.

Spectra – WordPress Gutenberg Blocks < 2.12.7 - Contributor+ Path Traversal

2024-04-2900:00:00

wpscan.com

wordpress

path traversal

contributor权限.

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

21.1%

JSON

Description The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Path Traversal via the get_block_default_attributes function. This allows authenticated attackers, with contributor-level permissions and above, to read the contents of any files named attributes.php on the server, which can contain sensitive information.

References

www.wordfence.com/threat-intel/vulnerabilities/id/110e5e67-b318-4ab2-9b4d-59aabcf7db7c

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

21.1%

JSON

Related for WPVDB-ID:E50754E3-1833-4601-805F-BD3BDB5D6B7E