CVE-2023-4930 — MEDIUM (6.5)

Q: How severe is CVE-2023-4930?

CVE-2023-4930 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-4930?

Check the references section above for vendor advisories and patch information. Affected products include: Shamimsplugins Front End Pm.

Vulnerability Description

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Shamimsplugins	Front End Pm	< 11.4.3

Related Weaknesses (CWE)

CWE-552

References

https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2ExploitThird Party Advisory
https://wpscan.com/vulnerability/c73b3276-e6f1-4f22-a888-025e5d0504f2ExploitThird Party Advisory

FAQ

What is CVE-2023-4930?

CVE-2023-4930 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and do...

How severe is CVE-2023-4930?

CVE-2023-4930 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-4930?

Check the references section above for vendor advisories and patch information. Affected products include: Shamimsplugins Front End Pm.