Vulnerabilities > CVE-2023-4297 - Unspecified vulnerability in Mediamanifesto MMM Simple File List 2.3

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mediamanifesto

NVD

Published: 2023-11-27

Updated: 2024-11-21

Summary

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.

Vulnerable Configurations

Part	Description	Count
Application	Mediamanifesto Mediamanifesto MMM Simple File List 2.3	1

References

https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978
https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978