Vulnerability Details : CVE-2023-4139
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.
Vulnerability category: Information leak
Products affected by CVE-2023-4139
- cpe:2.3:a:smackcoders:wp_ultimate_csv_importer:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4139
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4139
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
Wordfence |
CWE ids for CVE-2023-4139
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security@wordfence.com (Primary)
References for CVE-2023-4139
-
https://www.wordfence.com/threat-intel/vulnerabilities/id/6404476e-0c32-4f8e-882f-6a1785ba5748?source=cve
WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory ListingThird Party Advisory
-
https://plugins.trac.wordpress.org/changeset/2944635/wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php
Changeset 2944635 for wp-ultimate-csv-importer/trunk/wp-ultimate-csv-importer.php – WordPress Plugin RepositoryPatch
Jump to