CVE-2023-0340

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://wpscan.com/vulnerability/71956598-90aa-4557-947a-c4716674543d", "name": "https://wpscan.com/vulnerability/71956598-90aa-4557-947a-c4716674543d", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-0340", "ASSIGNER": "contact@wpscan.com"}}, "impact": {}, "publishedDate": "2023-03-20T16:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-21T11:51Z"}