CVE-2023-1274

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as subscriber to perform LFI attacks
Configurations

Configuration 1 (hide)

cpe:2.3:a:pricing_tables_for_wpbakery_page_builder_project:pricing_tables_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:38

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/267acb2c-1a95-487f-a714-516de05d2b2f - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/267acb2c-1a95-487f-a714-516de05d2b2f - Exploit, Third Party Advisory

25 Apr 2023, 19:29

Type Values Removed Values Added
CPE cpe:2.3:a:pricing_tables_for_wpbakery_page_builder_project:pricing_tables_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References (MISC) https://wpscan.com/vulnerability/267acb2c-1a95-487f-a714-516de05d2b2f - (MISC) https://wpscan.com/vulnerability/267acb2c-1a95-487f-a714-516de05d2b2f - Exploit, Third Party Advisory

17 Apr 2023, 14:06

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-17 13:15

Updated : 2024-11-21 07:38


NVD link : CVE-2023-1274

Mitre link : CVE-2023-1274

CVE.ORG link : CVE-2023-1274


JSON object : View

Products Affected

pricing_tables_for_wpbakery_page_builder_project

  • pricing_tables_for_wpbakery_page_builder
CWE

No CWE.