CVE-2024-10571

Published Nov 14, 2024

Last updated 2 days ago

Overview

Description
The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Source: security@wordfence.com
NVD status: Undergoing Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-98

Social media

Hype score: Not currently trending

  1. CVE-2024-10571 The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' paramete… https://t.co/OUfSA7W2u8

    @CVEnew, 14 Nov 2024 (114 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  2. No need to worry about these CVEs when you protect your site with #WEBOUNCER by https://t.co/YvUrFmPcXS CVE-2024-10571 (CVSS 9.8): Critical Flaw in WordPress Chart Plugin Under Active Attack https://t.co/05S3jZdyAj via @the_yellow_fall

    @BrainLabVisions, 14 Nov 2024 (31 Impressions, 0 Retweets, 2 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  3. [CVE-2024-10571: CRITICAL] Vulnerability in WordPress Chartify plugin allows attackers to execute arbitrary files on the server through Local File Inclusion. Update to version 2.9.6 to stay secure. #cybersecurity, #vulnerability https://t.co/NGzt1rTQCa https://t.co/gkEeqfoyuL

    @CveFindCom, 14 Nov 2024 (37 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  4. CVE-2024-10571 (CVSS 9.8): Critical Flaw in WordPress Chart Plugin Under Active Attack Wordfence, a leading #WordPress security firm, reports blocking a staggering "2,207,540 attacks targeting this #vulnerability in the past 24 hours." https://t.co/RgTbv18IO8

    @the_yellow_fall, 14 Nov 2024 (28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes)

  5. A CVE of mine CVE-2024-10571 (CVSS:3.1 9.8 Critical) has been released today. You can read more about it at the link below https://t.co/6JINxM8oJe . I would be making a full disclosure exclusively on my blog https://t.co/EdfXmase1a, on the 13th January 2025. Please save the date.

    @theabrahack, 13 Nov 2024 (1058 Impressions, 3 Retweets, 20 Likes, 3 Bookmarks, 0 Replies, 1 Quote)