CVE-2023-5414
published 2023-10-20CVE-2023-5414: The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This…
PriorityP342high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
1.03%
59.4th percentile
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icegram | icegram_express | <= 5.6.23 | — |
| msrc | microsoft_edge | — | — |
| msrc | microsoft_edge_extended_stable | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wx55-4qhm-8qw2: The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5
ghsa_unreviewed·2023-10-20
CVE-2023-5414 [HIGH] CWE-22 GHSA-wx55-4qhm-8qw2: The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5
The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.
Microsoft
Microsoft Edge (Chromium-based) Spoofing Vulnerability
vendor_msrc·2023-04-11·CVSS 4.3
CVE-2023-29334 [MEDIUM] Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
FAQ: What is the version information for this release?
Microsoft Edge Version
Date Released
Based on Chromium Version
112.0.1722.48
4/15/2023
112.0.5615.121
109.01518.100
4/24/2023
109.0.5414.141
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.
FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability?
An attacker who successfully exploited this could bypass the Edge security warning message feature.
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoo
Microsoft
Chromium: CVE-2023-0471 Use after free in WebTransport
vendor_msrc·2023-01-10·CVSS 8.8
CVE-2023-0471 [HIGH] Chromium: CVE-2023-0471 Use after free in WebTransport
Chromium: CVE-2023-0471 Use after free in WebTransport
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
Microsoft Edge Channel
Microsoft Edge Version
Based on Chromium Version
Date Released
Stable
109.0.1343.27
109.0.5414.119/.120
1/26/2023
Extended Stable
108.0.1293.81
108.0.5359.215
1/26/2023
Microsoft Edge (Chromium-based): Microsoft Edge (Chromium-based)
Chrome: Chrome
Customer Action Required: Yes
Exploit Status: DOS:N/A
Remediation: Release Notes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cvehttps://plugins.trac.wordpress.org/browser/email-subscribers/trunk/lite/includes/classes/class-email-subscribers-logs.php?rev=2919465#L28https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2977318%40email-subscribers%2Ftrunk&old=2972043%40email-subscribers%2Ftrunk&sfp_email=&sfph_mail=#file4https://www.wordfence.com/threat-intel/vulnerabilities/id/417186ba-36ef-4d06-bbcd-e85eb9219689?source=cve
2023-10-20
Published