Vulnerability Details : CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Vulnerability category: Directory traversal; File inclusion
Products affected by CVE-2023-2278
- cpe:2.3:a:wpdirectorykit:wp_directory_kit:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-2278
Score: 0.42% (probability of exploitation activity in the next 30 days)
Percentile: ~75% (the proportion of vulnerabilities that are scored at or below this one)
CVSS scores for CVE-2023-2278
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | Wordfence |
CWE ids for CVE-2023-2278
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: security@wordfence.com (Primary)
References for CVE-2023-2278
- https://www.wordfence.com/threat-intel/vulnerabilities/id/87399a07-d2d8-42cd-81f0-9060f6cfff48?source=cve
  "WP Directory Kit <= 1.1.9 - Unauthenticated Local File Inclusion via wdk_public_action" (Third Party Advisory)
- https://plugins.trac.wordpress.org/changeset/2904689/wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php
  "Changeset 2904689 for wpdirectorykit/trunk/vendor/Winter_MVC/core/mvc_loader.php – WordPress Plugin Repository" (Patch; Release Notes)
- https://plugins.trac.wordpress.org/browser/wpdirectorykit/tags/1.1.8/vendor/Winter_MVC/core/mvc_loader.php#L91
  "mvc_loader.php in wpdirectorykit/tags/1.1.8/vendor/Winter_MVC/core – WordPress Plugin Repository" (Exploit)