Path Traversal Vulnerability Affects Shortcodes and Extra Features for Phlox Theme
CVE-2023-37888

7.6HIGH

Key Information:

Vendor: WordPress
Status: Shortcodes And Extra Features For Phlox Theme
Vendor: CVE Published:; 17 May 2024

Summary

A Path Traversal vulnerability exists in the By Averta Phlox theme, which allows authorized users to exploit improperly restricted pathname limitations. This issue can lead to PHP Local File Inclusion, enabling attackers to gain unauthorized access to sensitive files within the web server's directory structure. The vulnerability affects all versions of the Shortcodes and extra features for the Phlox theme, particularly impacting versions up to 2.14.0.

Affected Version(s)

Shortcodes and extra features for Phlox theme <= 2.14.0

References

https://patchstack.com/database/vulnerability/auxin-eleme...

vdb-entry

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jul 10, 2023

Credit

Rafie Muhammad (Patchstack)