Medium severity4.9NVD Advisory· Published Oct 30, 2024· Updated Apr 8, 2026

CVE-2023-5816

Description

The Code Explorer plugin for WordPress is vulnerable to arbitrary external file reading in all versions up to, and including, 1.4.5. This is due to the fact that the plugin does not restrict accessing files to those outside of the WordPress instance, though the intention of the plugin is to only access WordPress related files. This makes it possible for authenticated attackers, with administrator-level access, to read files outside of the WordPress instance.

Affected products

Bowo/Code Explorer
cpe:2.3:a:bowo:code_explorer:*:*:*:*:*:wordpress:*:*
Range: <=1.4.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/42ecc4e5-d660-472f-823d-a29b84cdf041nvdThird Party Advisory
wordpress.org/plugins/code-explorer/nvdProduct
plugins.trac.wordpress.org/changesetnvd

News mentions

No linked articles in our index yet.

cvss	0.319
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000