CVE-2023-0156
Last modified
CVE-2023-0156 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.. EPSS estimates a 19.92% chance of exploitation in the next 30 days.
Description
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Updraftplus | All-In-One Security | < 5.1.5 |
References
- https://wpscan.com/vulnerability/caf1dbb5-197e-41e9-8f48-ba1f2360a759Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/caf1dbb5-197e-41e9-8f48-ba1f2360a759Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-0156?
How severe is CVE-2023-0156?
How do I fix CVE-2023-0156?
Are you affected by CVE-2023-0156?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST