8.8

CVE-2024-2024

EPSS 17.12%
Veröffentlicht 14.06.2024 13:15:51
Zuletzt bearbeitet 21.11.2024 09:08:51
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Folders Pro <= 3.0.2 - Authenticated(Author+) Arbitrary File Upload via handle_folders_file_upload

The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Mögliche Gegenmaßnahme

Folders Pro: Update to version 3.0.3, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Folders Pro

Version *-3.0.2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerPremio

≫

Produkt Folders Pro

Default Statusunaffected

Version <= 3.0.2

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	17.12%	0.949

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://plugins.trac.wordpress.org/browser/folders/tags/3.0/includes/media.replace.php#L1311

https://www.wordfence.com/threat-intel/vulnerabilities/id/fa1d953f-6a5c-46af-a1a5-2c4f90da679a?source=cve

https://www.wordfence.com/threat-intel/vulnerabilities/id/fa1d953f-6a5c-46af-a1a5-2c4f90da679a

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-2024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2024

EUVD