CVE-2023-47840

Published: 29/12/2023 Updated: 04/01/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons: from n/a up to and including 1.5.2.

Vulnerable Product

qodeinteractive qode essential addons

Github Repositories

Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

CVE-2023-47840 Qode Essential Addons <= 1.5.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation. Description: The Qode Essential Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the install_plugin() function in all versions up to, and including, 1.5.2. This mak