exploitDog

CVE-2024-32830

Опубликовано: 17 мая 2024

Источник: nvd

CVSS3: 8.6

CVSS3: 7.5

EPSS Низкий

Описание

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.

Ссылки

https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-8-arbitrary-file-read-and-ssrf-vulnerability?_s_id=cve
Patch
Third Party Advisory
https://patchstack.com/database/vulnerability/buddyforms/wordpress-buddyforms-plugin-2-8-8-arbitrary-file-read-and-ssrf-vulnerability?_s_id=cve
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themekraft:buddyforms:*:*:*:*:*:wordpress:*:*

Версия до 2.8.9 (исключая)

EPSS

Процентиль: 79%

0.01314

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-w32p-xp8f-5vqc

CVSS3: 8.6

github

больше 1 года назад

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.

EPSS

Процентиль: 79%

0.01314

Низкий

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-22