CVE-2024-9047
CRITICAL 9.8
Description
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 10/12/2024
Last modified: 3/12/2025
Source: nvd
Honeypot sightings: 0
Affected products
iptanus:wordpress_file_upload
Weaknesses (CWE)
CWE-22
References
https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload (security@wordfence.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.