CVE-2023-4216

Orders Tracking for WooCommerce < 1.2.6 - Admin+ Arbitrary File Access/Read

Severity Score

2.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 doesn't validate the file_url parameter when importing a CSV file, allowing high privilege users with the manage_woocommerce capability to access any file on the web server via a Traversal attack. The content retrieved is however limited to the first line of the file.

El plugin Orders Tracking for WooCommerce de WordPress versiones anteriores a 1.2.6 no valida el archivo_url parameter cuando se importa un archivo CSV, permitiendo a los usuarios de altos privilegios con la capacidad manage_woocommerce a acceder a cualquier archivo en el servidor web a través de un ataque transversal. in embargo, el contenido recuperado se limita a la primera línea del fichero.

The Orders Tracking for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 1.2.5 via the 'file_url' parameter when importing CSV files. This allows authenticated attackers, with administrator-level (manage_woocommerce) privileges and above, to read the contents of the first line of arbitrary files on the server, which can contain sensitive information.

*Credits: Utkarsh Agrawal, WPScan

CVSS Scores

NISTv3.1 2.7

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-08-07 CVE Reserved
2023-08-14 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2024-09-10 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://wpscan.com/vulnerability/8189afc4-17b3-4696-89e1-731011cb9e2b	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Villatheme Search vendor "Villatheme"		Orders Tracking For Woocommerce Search vendor "Villatheme" for product "Orders Tracking For Woocommerce"				< 1.2.6 Search vendor "Villatheme" for product "Orders Tracking For Woocommerce" and version " < 1.2.6"		wordpress		Affected