CVE-2023-0159

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system.
References
Configurations

Configuration 1

cpe:2.3:a:wprealize:extensive_vc_addons_for_wpbakery_page_builder:*:*:*:*:*:wordpress:*:*

Information

Published : 2023-02-13 03:15

Updated : 2023-02-15 04:03


NVD link : CVE-2023-0159

Mitre link : CVE-2023-0159

CWE