The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/3007057/ | Patch |
https://www.wordfence.com/threat-intel/vulnerabilities/id/ac709779-36f1-4f66-8db3-95a514a5ea59?source=cve | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-01-11T08:32:50.136Z
Updated: 2024-01-11T08:32:50.136Z
Reserved: 2023-12-07T14:47:52.315Z
Link: CVE-2023-6583
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-11T09:15:49.777
Modified: 2024-01-17T18:42:13.750
Link: CVE-2023-6583
JSON object: View
Redhat Information
No data.
CWE