The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to overwrite arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
References
Configurations
History
26 Sep 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:exthemes:wooevents:*:*:*:*:*:wordpress:*:* | |
First Time |
Exthemes wooevents
Exthemes |
|
References | () https://codecanyon.net/item/wooevents-calendar-and-event-booking/15598178 - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/3d7af96a-5a3c-4291-a369-f6ed78f72a3f?source=cve - Third Party Advisory |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
24 Sep 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-24 03:15
Updated : 2024-09-26 16:38
NVD link : CVE-2024-8671
Mitre link : CVE-2024-8671
CVE.ORG link : CVE-2024-8671
JSON object : View
Products Affected
exthemes
- wooevents
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')