Overview
- Description: The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows.
- Source: security@wordfence.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.1
- Impact score: 5.2
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity: HIGH
Social media
- Hype score: Not currently trending
🚨 CVE-2024-10011 (Published: 2024-10-25) - A high-severity vulnerability affecting Defiant Inc. products. Ensure your versions are updated to mitigate risks. For detailed remediation steps, check out the full report here: https://t.co/nHWK0JLx6d #CyberSecurity… https://t.co/zwtE
@transilienceai
27 Oct 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - A high-severity vulnerability affecting Defiant Inc. products. Ensure your systems are updated to the latest versions to mitigate risks. For detailed remediation steps, visit: https://t.co/nHWK0JLx6d #CyberSecurity
@transilienceai
27 Oct 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in Defiant Inc. products. Affects multiple versions. Remediation is crucial! Ensure your systems are updated and secure. For more details, visit: https://t.co/nHWK0JLx6d #CyberSecurity #VulnerabilityAlert
@transilienceai
27 Oct 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in BuddyPress. Affects versions prior to the latest update. Ensure your site is secure by updating to the patched version. For details, check the changeset: https://t.co/w1ldMJigYZ #WordPress #Security
@transilienceai
27 Oct 2024
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity in BuddyPress. Exploited versions may lead to vulnerabilities. Ensure you update to the latest version to mitigate risks. For detailed changes, check the update here: [BuddyPress Changeset](https://t.co/w1ldMJigYZ)… https:
@transilienceai
27 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in BuddyPress. Affects versions prior to the latest release. To mitigate, update to the latest version immediately. For details, check the fix here: https://t.co/rDkXgDPDE6 #CyberSecurity #WordPress
@transilienceai
27 Oct 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in BuddyPress. Affects versions prior to the latest release. Users should update to the latest version to mitigate risks. For more details, check the code here: https://t.co/oThUcYM8nb #CyberSecurity… https:/
@transilienceai
27 Oct 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - A high-severity vulnerability in BuddyPress affects multiple versions. Users are urged to update to the latest release to mitigate risks. For details, check the code [here](https://t.co/oThUcYM8nb). Stay safe! 🔒 #CyberSecurity
@transilienceai
27 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in BuddyPress. Affects multiple versions. Users are urged to update to the latest release to mitigate risks. For more details, check the fix here: [BuddyPress GitHub](https://t.co/oThUcYM8nb) #CyberSecurity…
@transilienceai
27 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - Critical vulnerability in BuddyPress. Affects versions prior to 14.2.1. 🛡️ Ensure your site is secure by updating to the latest version. Check the release notes for more details: https://t.co/4qYDVyO11u #CyberSecurity #WordPress… https
@transilienceai
27 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - Critical vulnerability in BuddyPress! Affects versions prior to 14.2.1. 🛡️ Ensure your site is secure by updating to the latest version. Check the release notes for details: https://t.co/4qYDVyO11u #CyberSecurity #WordPress #BuddyPress
@transilienceai
27 Oct 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in Defiant Inc. products. Affects specific versions. Ensure you update to the latest release to mitigate risks. Stay secure! 🔒 For more details, visit: https://t.co/nHWK0JLx6d #CyberSecurity
@transilienceai
26 Oct 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in Defiant Inc. products. Affects specific versions. Immediate remediation is crucial! For detailed insights and mitigation steps, check out the full report: https://t.co/nHWK0JLx6d #CyberSecurity #CVE
@transilienceai
26 Oct 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - A high-severity vulnerability in BuddyPress affects multiple versions. Users are urged to update to the latest version to mitigate risks. For detailed changes, check the update log: https://t.co/w1ldMJigYZ #WordPress #Security
@transilienceai
26 Oct 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in BuddyPress. Affects versions prior to the latest update. Remediation: Update to the latest version to secure your site. More details: [BuddyPress Changeset](https://t.co/w1ldMJigYZ) #WordPress #Security
@transilienceai
26 Oct 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10011 (Published: 2024-10-25) - High severity vulnerability in BuddyPress. Affects versions prior to the latest release. Users are urged to update to the latest version to mitigate risks. For more details, check the fix here: https://t.co/oThUcYM8nb #CyberSecurity
@transilienceai
26 Oct 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10011 The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for… https://t.co/yWMpbxmd45
@CVEnew
25 Oct 2024
372 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:buddypress:buddypress:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCFCCBD4-7F7F-4585-8331-BF8343397BDC",
            "versionEndIncluding": "14.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]