Back to search
CVE-2023-1624
Published: Apr 24, 2023
Modified: Feb 4, 2025
PUBLISHED
Description
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders
| Vendor | Product | Versions |
|---|---|---|
Unknown | WPCode | affected 0 - < 2.0.9 |
References
https://wpscan.com/vulnerability/132b70e5-4368-43b4-81f6-2d01bc09dc8f
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now