CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-2180

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.2%

CVSS Severity

CVSS v3 Score 7.5

References

https://wpscan.com/vulnerability/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b
https://wpscan.com/vulnerability/4d3b90d8-8a6d-4b72-8bc7-21f861259a1b

Products affected by CVE-2023-2180

Kiwiz Invoices Certification & Pdf System Project » Kiwiz Invoices Certification & Pdf System » Version: Any

cpe:2.3:a:kiwiz_invoices_certification_&_pdf_system_project:kiwiz_invoices_certification_&_pdf_system:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2180

Products

Pricing

Contact Us