CVE-2024-9224

The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kau-boys:hello_world:*:*:*:*:*:wordpress:*:*

History

07 Oct 2024, 19:19

Type Values Removed Values Added
First Time Kau-boys hello World
Kau-boys
CPE cpe:2.3:a:kau-boys:hello_world:*:*:*:*:*:wordpress:*:*
References () https://plugins.trac.wordpress.org/browser/hello-world/tags/2.1.1/hello-world.php#L113 - () https://plugins.trac.wordpress.org/browser/hello-world/tags/2.1.1/hello-world.php#L113 - Product
References () https://plugins.trac.wordpress.org/browser/hello-world/tags/2.1.1/hello-world.php#L35 - () https://plugins.trac.wordpress.org/browser/hello-world/tags/2.1.1/hello-world.php#L35 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/2f58df1f-66f7-4e3d-af6d-08174653a2ad?source=cve - Third Party Advisory

04 Oct 2024, 13:51

Type Values Removed Values Added
Summary
  • (es) El complemento Hello World para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 2.1.1 incluida a través de la función hello_world_lyric(). Esto permite que atacantes autenticados, con acceso de nivel de suscriptor o superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial.

01 Oct 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-01 09:15

Updated : 2024-10-07 19:19


NVD link : CVE-2024-9224

Mitre link : CVE-2024-9224

CVE.ORG link : CVE-2024-9224


JSON object : View

Products Affected

kau-boys

  • hello_world
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')