OceanWP Path Traversal Vulnerability Allows PHP Local File Inclusion
CVE-2023-23700

7.6HIGH

Key Information:

Vendor: WordPress
Status: OceanWP
Vendor: CVE Published:; 17 May 2024

What is CVE-2023-23700?

A Path Traversal vulnerability in the OceanWP Theme allows an attacker to manipulate file paths to access unauthorized files on the server. This issue, which affects versions from n/a through 3.4.1, can lead to PHP Local File Inclusion, potentially compromising sensitive information and server security. Administrators using affected versions are advised to apply necessary updates and implement security best practices to mitigate risks.

Affected Version(s)

OceanWP <= 3.4.1

References

https://patchstack.com/database/vulnerability/oceanwp/wor...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jan 17, 2023

Credit

Rafie Muhammad (Patchstack)