CVE-2024-10803

Published Nov 23, 2024

Last updated 3 months ago

CVSS high 7.5

Overview

Description
The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Please note the vendor released the patched version as the same version as the affected version.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-22

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10803: Critical path traversal in FWDesign MP3 Sticky Player Plugin <= 8.0 on WordPress. Impacts downloader.php. Patch immediately to mitigate risks of remote attacks and unauthorized access. #CyberSecurity #WordPress

    @oktsec

    23 Nov 2024

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References