CVE-2024-32830

EPSS 0.58%
Veröffentlicht 17.05.2024 10:15:11
Zuletzt bearbeitet 25.11.2025 19:54:02
Quelle audit@patchstack.com
CVE-Watchlists
Login
Unerledigt
Login

WordPress buddyforms plugin <= 2.8.8- Arbitrary File Read and SSRF vulnerability

BuddyForms <= 2.8.8 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.

Mögliche Gegenmaßnahme

Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC): Update to version 2.8.9, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Themekraft ≫ Buddyforms SwPlatformwordpress Version < 2.8.9

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC)

Version *-2.8.8

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.432

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
audit@patchstack.com	8.6	3.9	4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-8-arbitrary-file-read-and-ssrf-vulnerability?_s_id=cve

Patch

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/23d762e9-d43f-4520-a6f1-c920417a2436

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-32830

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32830

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32830

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32830