CVE-2024-12209

Published Dec 8, 2024

Last updated 3 months ago

Overview

Description
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Source: security@wordfence.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com
CWE-98

Social media

Hype score
Not currently trending
  1. CVE-2024-12209: Local File Inclusion Vulnerability in WP Umbrella Plugin https://t.co/6q6s4IhJAB

    @_havij

    29 Dec 2024

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. #exploit 1. A Practical Guide to PrintNightmare in 2024 (updated Oct 5) https://t.co/HsGqqx3KCB ]-> PnP bypass 2. CVE-2024-12209: WP Umbrella Unauthenticated LFI https://t.co/pM3EvOiZWC 3. CVE-2024-30085: Windows 11 23H2 EoP https://t.co/yltdUnMYnQ

    @ksg93rd

    26 Dec 2024

    1587 Impressions

    6 Retweets

    36 Likes

    14 Bookmarks

    0 Replies

    0 Quotes

  3. WordPress WP Umbrella Plugin vulnerability CVE-2024-12209 fixed: 30,000 sites at risk! https://t.co/UbjZN7a7To Given how many features WP Umbrella has, this vulnerability is a scary one. Teams using it should check for the update. #OpenSource #Plugin #Vulnerability #WordPress… https://t.co/1s5S2IsXLf

    @iototsecnews

    16 Dec 2024

    118 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-12209 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all ve..https://t.co/P3YHpUqwqI #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    12 Dec 2024

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

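  5. <Security News> Critical vulnerability in the WordPress plugin "WP Umbrella" *Versions 2.17.0 and earlier. Vulnerability: CVE-2024-12209. Details: risk of arbitrary files being improperly loaded remotely. Mitigation: update to version "2.17.1" or later. More info: https://t.co/SbJkx5Tno0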

    @ColorfulBoxJp

    11 Dec 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE Alert: Critical Wp Umbrella Unauthenticated Local File Inclusion Vulnerability🚨 Vulnerability Details: CVE-2024-12209 (CVSS v3 9.8/10) Wp Umbrella Unauthenticated Local File Inclusion Vulnerability Impact A Successful exploit may allow unauthenticated attackers to… http

    @CyberxtronTech

    10 Dec 2024

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. #CybersecurityNews 🚨 A critical vulnerability (CVE-2024-12209) in WP Umbrella plugin affects 30,000+ websites, allowing attackers complete control. Update to version 2.17.1 to mitigate risks! #WPUmbrellaVulnerability #LocalFileInclusion #WebSecurityAler… https://t.co/eeNVMlG6lv

    @TweetThreatNews

    9 Dec 2024

    3 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-12209 alert 🚨 The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. https://t.co/TEEUrn5aSR https:/

    @Patrowl_io

    9 Dec 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️New zero-day in Windows that allows theft of NTLM credentials, unofficial patch released 🚨Critical vulnerability in the popular WordPress plugin WP Umbrella: CVE-2024-12209 (CVSS 9.8) ~Cybersecurity weekend topics~ https://t.co/IwagWHvZBu #Security #Intelligence #OSINT

    @MachinaRecord

    9 Dec 2024

    201 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  10. A severe vulnerability was disclosed for wphealth WP Umbrella Plugin (CVE-2024-12209) https://t.co/sYxh4bnXBp

    @vuldb

    8 Dec 2024

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Critical vulnerability in WP Umbrella, a WordPress backup plugin. CVE-2024-12209 has a CVSS score of 9.8 and is an unauthenticated local file inclusion. Fixed in the latest version. https://t.co/1vnH4Q6VDJ

    @__kokumoto

    8 Dec 2024

    858 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  12. CVE-2024-12209 Local File Inclusion Vulnerability in WordPress WP Umbrella Plugi... https://t.co/hBHEDgICFX Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    8 Dec 2024

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Vulnerability Exposes 30,000 Websites to Compromise https://t.co/w5lpbPNj3h

    @Dinosn

    8 Dec 2024

    3818 Impressions

    22 Retweets

    52 Likes

    15 Bookmarks

    1 Reply

    2 Quotes

  14. [CVE-2024-12209: CRITICAL] Warning: WP Umbrella plugin for WordPress, versions up to 2.17.0, vulnerable to Local File Inclusion. Unauthenticated attackers can execute arbitrary code on the server. Update ASAP! #cybersecurity, #vulnerability https://t.co/kMNmeDYXy7 https://t.co/Ypyj

    @CveFindCom

    8 Dec 2024

    86 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-12209 The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'f… https://t.co/gu77fkAPqC

    @CVEnew

    8 Dec 2024

    606 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Vulnerability Exposes 30,000 Websites to Compromise Critical security vulnerability discovered in WP Umbrella plugin. Learn about CVE-2024-12209 and how it could allow attackers to take control of websites https://t.co/04qu9isKKu

    @the_yellow_fall

    8 Dec 2024

    338 Impressions

    1 Retweet

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  17. 🗣 CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Vulnerability Exposes 30,000 Websites to Compromise https://t.co/1mtgXisM8n

    @fridaysecurity

    8 Dec 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes