Files or Directories Accessible to External Parties

CVE-2023-4930

Medium

6.5/10

Summary

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-552 - Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

Advisory Timeline

Published Nov 06, 2023

Files or Directories Accessible to External Parties

CVE-2023-4930

Summary

CWE-552 - Files or Directories Accessible to External Parties

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS