- Description
- The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
CVE-2024-9047: WordPress File Upload plugin for WordPress is vulnerable to a Path Traversal vulnerability in all versions up to, and including, 4.24.11 via the wfu_file_downloader.php... https://t.co/We7HMDaTkb https://t.co/yLy6u1jAX3
@cyber_advising
27 Jan 2025
1972 Impressions
10 Retweets
52 Likes
20 Bookmarks
1 Reply
0 Quotes
CVE-2024-9047: ##Exploit for WordPress #File Upload Plugin PoC: https://t.co/CXjJaLropF #CybersecurityNews #Trump
@Nxploited
25 Jan 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Wordpress plugin - 18K exposes devices 🤐 - POC - WordPress File Upload plugin, in the wfu_file_downloader.php file before version <= 4.24.11 - (CVE-2024-9047) https://t.co/O0f3uEprNc https://t.co/AzjlRfiGYv
@verylazytech
8 Jan 2025
44 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-12856 2 - CVE-2024-9047 3 - CVE-2024-3393 4 - CVE-2024-49112 5 - CVE-2024-12356 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
29 Dec 2024
8 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9047: The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php PoC https://t.co/nd9XnoSuHC https://t.co/e1afMx0o5E
@cyber_advising
27 Dec 2024
1314 Impressions
5 Retweets
24 Likes
19 Bookmarks
1 Reply
0 Quotes
🚨CVE-2024-9047 WordPress File Upload Plugin wfu_file_downloader.php Arbitrary File Read Vulnerability Goby AI 2.0 can generate PoC/EXP code intelligently based on vulnerability details. For more information: 👉https://t.co/Z6gbFrwUai 👉Goby download link>https://t.co/6h35NysxD
@GobySec
25 Dec 2024
174 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF35B6ED-8B06-4E22-992F-3757DB27B144",
            "versionEndExcluding": "4.24.12"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]