The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpress_file_upload shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files to arbitrary locations on the web server.
References
Configurations
History
07 Aug 2024, 22:19
Type | Values Removed | Values Added |
---|---|---|
First Time |
Iptanus
Iptanus wordpress File Upload |
|
Summary |
|
|
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3118456%40wp-file-upload&new=3118456%40wp-file-upload&sfp_email=&sfph_mail= - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/39bb69e0-fb18-4737-9eb7-bda2b5bc16a2?source=cve - Third Party Advisory | |
CWE | CWE-22 | |
CPE | cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:* |
16 Jul 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-16 09:15
Updated : 2024-08-07 22:19
NVD link : CVE-2024-5852
Mitre link : CVE-2024-5852
CVE.ORG link : CVE-2024-5852
JSON object : View
Products Affected
iptanus
- wordpress_file_upload
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')