{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-4297","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2023-08-10T15:33:52.218Z","datePublished":"2023-11-27T16:22:01.657Z","dateUpdated":"2025-06-05T14:01:19.686Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-11-27T16:22:01.657Z"},"title":"Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing","problemTypes":[{"descriptions":[{"description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Mmm Simple File List","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"2.3"}],"defaultStatus":"affected","collectionURL":"https://wordpress.org/plugins"}],"descriptions":[{"lang":"en","value":"The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated user, such as a subscriber, to list the contents of arbitrary directories."}],"references":[{"url":"https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Dmitrii","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"affected":[{"vendor":"mmm_simple_file_list","product":"mmm_simple_file_list","cpes":["cpe:2.3:a:mmm_simple_file_list:mmm_simple_file_list:2.3:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThanOrEqual":"2.3","versionType":"custom"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-07-11T15:07:38.776197Z","id":"CVE-2023-4297","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-05T14:01:19.686Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:24:04.609Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/9ff85b06-819c-459e-90a9-6151bfd70978","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}