Path Traversal Vulnerability Affects Shortcodes and Extra Features for Phlox Theme
CVE-2023-37888

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Shortcodes And Extra Features For Phlox Theme
Vendor: CVE Published:; 17 May 2024

What is CVE-2023-37888?

A Path Traversal vulnerability exists in the By Averta Phlox theme, which allows authorized users to exploit improperly restricted pathname limitations. This issue can lead to PHP Local File Inclusion, enabling attackers to gain unauthorized access to sensitive files within the web server's directory structure. The vulnerability affects all versions of the Shortcodes and extra features for the Phlox theme, particularly impacting versions up to 2.14.0.

Affected Version(s)

Shortcodes and extra features for Phlox theme <= 2.14.0

References

https://patchstack.com/database/vulnerability/auxin-eleme...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024
Vulnerability Reserved
Jul 10, 2023

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2023-37888?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit