CVE-2023-4238

HIGH

WordPress Plugin <2.5.2 - Code Injection

Title source: llm

Description

The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server.

Exploits (1)

inthewild

poc

https://github.com/codeb0ss/cve-2023-4238-poc

View on inthewild

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/53816136-4b1a-4b7d-b73b-08a90c2a638f

Scores

CVSS v3 7.2

EPSS 0.2819

EPSS Percentile 96.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

miniorange/prevent_files_\/_folders_access < 2.5.2

Published Sep 25, 2023

Tracked Since Feb 18, 2026