CVE-2023-4216

CVSS V2 None CVSS V3 None
Description
The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.
Overview
  • CVE ID
  • CVE-2023-4216
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Awaiting Analysis
  • Published Version
  • 2023-09-04T12:15:10
  • Last Modified Date
  • 2023-09-05T06:50:39
History
Created Old Value New Value Data Type Notes
2023-09-06 03:06:12 Added to TrackCVE
2023-09-06 03:06:15 Weakness Enumeration new