- Description
- The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE Alert: CVE-2024-12875 - https://t.co/6IEwvoQ22H #OSINT #ThreatIntel #CyberSecurity #cve_2024_12875
@RedPacketSec
22 Dec 2024
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12875 Directory Traversal Vulnerability in Easy Digital Downloads Plugin The Easy Digital Downloads plugin for WordPress has a Directory Traversal vulnerability in all versions up to 3.3.2. This issue is... https://t.co/Ke6Qk4ymvR
@VulmonFeeds
21 Dec 2024
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-12875 The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and inclu… https://t.co/QQp9YeydL5
@CVEnew
21 Dec 2024
801 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "57A2731D-24E1-417B-9BA0-BB6727C100C5",
"versionEndExcluding": "3.3.3"
}
],
"operator": "OR"
}
]
}
]