CVE-2023-0159

high-risk
Published 2023-02-13

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.

Do I need to act?

!
92.7% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
52085
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Wprealize

References (2)

Exploit https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809
Exploit https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809
51
/ 100
high-risk
Severity 26/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal