CVE-2023-1274 Vulnerability Details

  /     /     /  

CVE-2023-1274 Metadata Quick Info

CVE Published: 17/04/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: WPScan | Vendor: Unknown | Product: Pricing Tables For WPBakery Page Builder (formerly Visual Composer)
Status : PUBLISHED

CVE-2023-1274 Description

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: Unknown

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-1274 Vulnerability Details