CVE-2024-12849

Published Jan 7, 2025

Last updated 2 months ago

CVSS high 7.5

Overview

Description
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2024-12849 (CVSS:7.5, HIGH) is Awaiting Analysis. The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and inc..https://t.co/uWvm8W0paf #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    12 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References