CVE-2023-1274
N/A
N/A
Summary
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Pricing Tables For WPBakery Page Builder (formerly Visual Composer) | 0 < 3.0 | affected |
Weaknesses
- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.