- Description
- The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
CVE-2024-13550 Path Traversal Vulnerability in WordPress ABC Notation Plugin Up to 6.1.3 https://t.co/YRxK7yR616
@VulmonFeeds
25 Jan 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13550 The ABC Notation plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.1.3 via the 'file' attribute of the 'abcjs' shortcode. T… https://t.co/ZjQQbMTjHC
@CVEnew
25 Jan 2025
306 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paulrosen:abc_notation:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "27D91FF7-FDE2-42A0-BA38-6380F7E92B7B",
"versionEndIncluding": "6.1.3"
}
],
"operator": "OR"
}
]
}
]