Lucene search
PatchstackCVELIST:CVE-2024-35712HistoryJun 10, 2024 - 3:53 p.m.
CVE-2024-35712 WordPress Database Cleaner: Clean, Optimize & Repair plugin <= 1.0.5 - Arbitrary File Read vulnerability
2024-06-1015:53:53
CWE-22
Patchstack
www.cve.org
2
wordpress
database cleaner
arbitrary file read
vulnerability
path traversal
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
19.1%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Jordy Meow Database Cleaner allows Relative Path Traversal.This issue affects Database Cleaner: from n/a through 1.0.5.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "database-cleaner",
"product": "Database Cleaner",
"vendor": "Jordy Meow",
"versions": [
{
"changes": [
{
"at": "1.0.6",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.5",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
wpvulndb
wpvulndb
Database Cleaner < 1.0.6 - Authenticated (Admin+) Arbitrary File Read
2024-06-13 00:00:00
cve
cve
CVE-2024-35712
2024-06-10 16:15:16
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-35712
2024-06-10 16:15:16
wordfence
wordfence
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
19.1%
Related for CVELIST:CVE-2024-35712