AI description
CVE-2024-9939 affects the WordPress File Upload plugin. Specifically, versions up to and including 4.24.13 are vulnerable. The vulnerability is a Path Traversal issue located in the `wfu_file_downloader.php` file. This flaw allows unauthenticated attackers to read files outside of the intended directory.
- Description: The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
- Source: security@wordfence.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- security@wordfence.com: CWE-22
WordPress File Upload RCE (Part 2) : Full Disclosure of CVE-2024-11613 - When Patches Introduce New Vulnerabilities : https://t.co/YQAO4AvnHn Full Disclosure of CVE-2024-9939 & CVE-2024-11635 : https://t.co/NJV4TdNlur
@binitamshah
16 Mar 2025
CVE-2024-9939 Path Traversal in WordPress File Upload Plugin Affects All Versions The WordPress File Upload plugin is at risk of Path Traversal in versions up to 4.24.13 through wfu_file_downloader.php. This can ... https://t.co/j5SVcwA4gX
@VulmonFeeds
8 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F70D5B6-B98B-4A80-AD66-10189FD67CE7",
            "versionEndExcluding": "4.24.14"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]