Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-2252: Path Traversal in Directorist

CWE-22 Path Traversal | 6 documents | 5 sources
Severity
2.7 LOW (NVD)
EPSS
8.8%
top 7.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published Jan 16

Description

The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.2 | Impact: 1.4

Affected Packages: 1 package

NVD: wpwax/directorist < 7.5.4

🔴 Vulnerability Details

2
CVEList
Directorist < 7.5.4 - Admin+ LFI (2024-01-16)
GHSA
GHSA-6p3c-gh88-xpp9: The Directorist WordPress plugin before 7 (2024-01-16)

💥 Exploits & PoCs

1
Nuclei
Directorist < 7.5.4 - Local File Inclusion
CVE-2023-2252 — Path Traversal in Wpwax Directorist | cvebase