CVE-2023-1624 — MEDIUM (6.5)

Q: How severe is CVE-2023-1624?

CVE-2023-1624 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-1624?

Check the references section above for vendor advisories and patch information. Affected products include: Wpcode Wpcode.

Vulnerability Description

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Wpcode	Wpcode	< 2.0.9

References

https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8fExploitThird Party Advisory
https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8fExploitThird Party Advisory

FAQ

What is CVE-2023-1624?

CVE-2023-1624 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users wi...

How severe is CVE-2023-1624?

CVE-2023-1624 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-1624?

Check the references section above for vendor advisories and patch information. Affected products include: Wpcode Wpcode.