CVE-2024-34762

2024-06-1016:15:13

CWE-22

[email protected]

web.nvd.nist.gov

vulnerability

security audit

improper limitation

path traversal

php

local file inclusion

wpengine inc advanced custom fields pro

cve-2024-34762

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

10.6%

JSON

Vulnerability discovered by executing a planned security audit.

Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WPENGINE INC Advanced Custom Fields PRO allows PHP Local File Inclusion.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10.

References

patchstack.com/database/vulnerability/advanced-custom-fields-pro/wordpress-advanced-custom-fields-pro-plugin-6-2-10-contributor-local-file-inclusion-vulnerability?_s_id=cve