Vulnerability Details CVE-2023-2288
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.184
EPSS Ranking 94.9%
CVSS Severity
CVSS v3 Score 8.8
References