cleantalk
Vulnerabilities and Security Researches

All-In-One Security (AIOS) – Security and Firewall, CVE-2023-0156

CVE, Research URL

CVE-2023-0156

Home page URL

Security reports for All-In-One Security (AIOS) – Security and Firewall

Application

All-In-One Security (AIOS) – Security and Firewall

Published on
Apr 10, 2023
Research Description
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.
Affected versions
Min -, max 5.1.5.
Status
vulnerable
Previous vulnerability researches
All-In-One Security (AIOS) – Security and Firewall (CVE-2022-4346) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2023-0156) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2023-0157) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2023-52147) , Jun 07, 2024
All-In-One Security (AIOS) – Security and Firewall (CVE-2024-1037) , Jun 07, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025