CVE-2023-6295

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Dec 18, 2023

Updated: Dec 21, 2023

Summary

CVE-2023-6295 is a vulnerability affecting the SiteOrigin Widgets Bundle plugin for WordPress before version 1.51.0. This issue allows administrators to conduct Local File Inclusion (LFI) attacks on Multisite WordPress sites due to insufficient input validation. Specifically, the plugin fails to validate user input before generating paths for inclusion functions. Consequently, an attacker with administrator privileges can manipulate the input to load arbitrary files on the server, potentially leading to serious security implications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

SiteOrigin

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tjRBn5
https://www.cve.org/CVERecord?id=CVE-2023-6295
https://nvd.nist.gov/vuln/detail/CVE-2023-6295

Back to Vulnerability Database

CVE-2023-6295

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations