Vulnerability Description
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Icegram | Icegram Express | <= 5.6.23 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includesPatch
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&newPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcThird Party Advisory
- https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includesPatch
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&newPatch
- https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcThird Party Advisory
FAQ
What is CVE-2023-5414?
CVE-2023-5414 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read ...
How severe is CVE-2023-5414?
CVE-2023-5414 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-5414?
Check the references section above for vendor advisories and patch information. Affected products include: Icegram Icegram Express.