6.5

CVE-2024-13117

Exploit

EPSS 0.3%
Veröffentlicht 27.01.2025 06:15:23
Zuletzt bearbeitet 13.05.2025 20:59:51
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Social Share Buttons for WordPress <= 2.7 - Missing Authorization to Unauthenticated Image Upload & Path Traversal

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded

Mögliche Gegenmaßnahme

Social Share Buttons for WordPress: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Social Share Buttons for WordPress

Version * - 2.7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Artlosk ≫ Share Buttons SwPlatformwordpress Version <= 2.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.3%	0.524

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

https://wpscan.com/vulnerability/3234cdac-f328-4f1e-a1de-31fbd86aefb9/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/2d8cbc6e-cb75-4d7b-94a5-876c57cf3329

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-13117

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-13117

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-13117

EUVD