TROYANOSYVIRUS
Back to CVEs

CVE-2024-11585

HIGH
7.5

Description

The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.

CVE Details

CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/6/2024
Last Modified12/6/2024
Sourcenvd
Honeypot Sightings0

Weaknesses (CWE)

CWE-22

References

https://plugins.trac.wordpress.org/browser/wp-hide-security-enhancer/tags/2.5.1/router/file-process.php#L43(security@wordfence.com)
https://www.wordfence.com/threat-intel/vulnerabilities/id/43c7056e-39d8-467e-92ec-33a31e5dafc9?source=cve(security@wordfence.com)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.