Vulnerability CVE-2023-0331
Published: 2023-02-27

Description:
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.

Type:

CWE-552

 (Files or Directories Accessible to External Parties)

 References:
https://wpscan.com/vulnerability/1b4dbaf3-1364-4103-9a7b-b5a1355c685b
Copyright 2026, cxsecurity.com

 

Back to Top