Vulnerability Description
The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Miniorange | Prevent Files \/ Folders Access | < 2.5.2 |
References
- https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638fExploitThird Party Advisory
- https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638fExploitThird Party Advisory
FAQ
What is CVE-2023-4238?
CVE-2023-4238 is a vulnerability with a CVSS score of 7.2 (HIGH). The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.
How severe is CVE-2023-4238?
CVE-2023-4238 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4238?
Check the references section above for vendor advisories and patch information. Affected products include: Miniorange Prevent Files \/ Folders Access.