CVE-2023-1624 in WPCode Plugininfo

Summary

by MITRE • 04/24/2023

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservation

03/24/2023

Disclosure

04/24/2023

Moderation

accepted

Entry

VDB-224983

CPE

ready

CWE

CWE-352 (confirmed)

CVSS

4.3 (VulDB)

EPSS

0.00307

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-1624
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-1624
CVE Details	https://www.cvedetails.com/cve/CVE-2023-1624/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!