CVE-2024-10871

Published Nov 9, 2024

Last updated 5 days ago

Overview

Description
The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files with a .php extension can be uploaded and included.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-98

Social media

Hype score
Not currently trending
  1. CVE-2024-10871 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including..https://t.co/nnKleklDh6 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    14 Nov 2024


  2. 🚨 CVE-2024-10871 (Published: 2024-11-09) - Critical vulnerability in Trusty Plugins for WordPress. Affects multiple versions. 🛠️ Remediation: Update to the latest version immediately to safeguard your site. More details: https://t.co/e6FTSLBOEJ #WordPress #Security #CVE

    @transilienceai

    13 Nov 2024


  3. 🚨 CVE-2024-10871 (Published: 2024-11-09) - Critical vulnerability in Trusty Plugins for WordPress. Affects multiple versions. 🛡️ Remediation: Update to the latest version as per the changeset: https://t.co/e6FTSLCmuh to secure your site! #WordPress #Security #CVE

    @transilienceai

    11 Nov 2024


  4. 🚨 CVE-2024-10871 (Published: 2024-11-09) - Critical vulnerability in Trusty Plugins for WordPress. Affects multiple versions. Remediation: Update to the latest version immediately to secure your site. Stay safe! 🔒 More info: https://t.co/e6FTSLCmuh #WordPress #SecurityUpdate

    @transilienceai

    11 Nov 2024


  5. 🚨 CVE-2024-10871 (Published: 2024-11-09) - Critical vulnerability in Trusty Plugins for WordPress. Affects multiple versions. 🛡️ Remediation: Update to the latest version immediately to mitigate risks. Stay secure! 🔒 For more details: https://t.co/e6FTSLCmuh #WordPress #CVE

    @transilienceai

    9 Nov 2024


  6. 🚨 CVE-2024-10871 (Published: 2024-11-09) - Critical vulnerability in Trusty Plugins. Affects multiple versions. 🛠️ Remediation: Update to the latest version as detailed in the changelog: https://t.co/e6FTSLCmuh 🔒 Stay secure and keep your plugins updated! #WordPress… https://t

    @transilienceai

    9 Nov 2024


  7. 🚨 CVE-2024-10871 (Published: 2024-11-09) - Critical vulnerability in Trusty Plugins for WordPress. Affects multiple versions. 🚫 Ensure your site is secure by updating to the latest version immediately. For details, check the changeset: https://t.co/e6FTSLCmuh #WordPress… https:

    @transilienceai

    9 Nov 2024


  8. [CVE-2024-10871: CRITICAL] WordPress plugin Category Ajax Filter up to version 2.8.2 is vulnerable to Local File Inclusion via 'params[caf-post-layout]' parameter, enabling attackers to execute arbitrary PHP code...#cybersecurity,#vulnerability https://t.co/k8iWHmMl2t https://t.c

    @CveFindCom

    9 Nov 2024
