- Description
- The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
CVE-2024-11613 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrar..https://t.co/ImoYXWqcpA #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
13 Jan 2025
20 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11613 The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and inc… https://t.co/V67NbGgZq1
@CVEnew
8 Jan 2025
13 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A CVE of mine CVE-2024-11613 (CVSS:3.1 9.8 Critical) has been released today. Full disclosure exclusively on my blog https://t.co/Z46zGdurbe, on the 14th March 2025. You can read more about it at the link below https://t.co/OihGRXEX7D Please save the date.
@theabrahack
7 Jan 2025
2309 Impressions
2 Retweets
23 Likes
10 Bookmarks
1 Reply
1 Quote