Описание
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
Уязвимые конфигурации
Конфигурация 1Версия до 4.24.14 (исключая)
cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 85%
0.02667
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
около 1 года назад
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
EPSS
Процентиль: 85%
0.02667
Низкий
7.5 High
CVSS3
Дефекты
CWE-22