WordPress Plugin Vulnerabilities

GMace <= 1.5.2 - Admin+ Path Traversal

Description

The plugin does not validate user input used in a path, which could allow high privilege users, such as admin to perform path traversal attacks

Affects Plugins

Plugin icon
gmace
No known fix

References

CVE
CVE-2023-23872

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.9 (medium)

Miscellaneous

Original Researcher
Mika
Verified
No
WPVDB ID
56ea2ea1-d888-49ac-bc30-47c0f540135a

Timeline

Publicly Published
2023-02-28 (about 3 years ago)
Added
2023-03-30 (about 3 years ago)
Last Updated
2023-03-30 (about 3 years ago)

Other

Published
Title
Published
2022-11-30
Title
Easy WP SMTP < 1.5.2 - Admin+ Arbitrary File Access
Published
2023-12-01
Title
Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion
Published
2021-08-23
Title
OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API
Published
2022-03-01
Title
WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
Published
2023-05-15
Title
MW WP Form < 4.4.3 - Unauthenticated Path Traversal