Lucene search

[email protected]NVD:CVE-2024-5598

HistoryJun 29, 2024 - 5:15 a.m.

CVE-2024-5598

2024-06-2905:15:02

[email protected]

web.nvd.nist.gov

wordpress

file manager

sensitive information exposure

cve-2024-5598

unauthenticated attackers

trash folder

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.3%

JSON

The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the ‘fma_local_file_system’ function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.

Affected configurations

Nvd

Node

advancedfilemanageradvanced_file_managerRange<5.2.5wordpress

VendorProductVersionCPE
advancedfilemanageradvanced_file_manager*cpe:2.3:a:advancedfilemanager:advanced_file_manager:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
advancedfilemanager	advanced_file_manager	*	cpe:2.3:a:advancedfilemanager:advanced_file_manager::::::wordpress::*

References

plugins.trac.wordpress.org/browser/file-manager-advanced/trunk/application/class_fma_connector.php#L13

plugins.trac.wordpress.org/changeset/3107587/

www.wordfence.com/threat-intel/vulnerabilities/id/9d4ff5ed-8857-46b8-942b-ac0f47880a95?source=cve

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

28.3%

JSON

Related for NVD:CVE-2024-5598

vulnrichment1 cve1 cvelist1 wordfence1