Path Traversal Vulnerability Affects GMAce from n/a to 1.5.2
CVE-2023-23872

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Gmace
Vendor: CVE Published:; 17 May 2024

What is CVE-2023-23872?

The vulnerability in the German Mesky GMAce plugin presents a significant security risk due to improper limitations of a pathname to a restricted directory. This flaw allows attackers to exploit path traversal techniques, potentially leading to unauthorized access to sensitive files and directories on the server. Affected versions of GMAce include those up to and including 1.5.2, necessitating prompt updates to mitigate potential exploitation.

Affected Version(s)

GMAce <= 1.5.2

References

https://patchstack.com/database/vulnerability/gmace/wordp...

vdb-entry

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jan 19, 2023

Credit

Mika (Patchstack Alliance)

WordPress

What is CVE-2023-23872?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit