CVE-2023-4297

Summary

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.

Affected Software

VendorProductVersion RangeStatus
UnknownMmm Simple File List0 <= 2.3affected

Weaknesses

  • CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References