CVE-2023-1624
Published: 24 April 2023
Summary
CVE-2023-1624 is a medium-severity an unspecified weakness vulnerability in Wpcode Wpcode. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 32.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-23856
Vulnerability details
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete…
more
arbitrary log files on the server, including outside of the blog folders
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.