CVE-2024-8104

2024-09-0407:15:03

CWE-22

[email protected]

web.nvd.nist.gov

wordpress

directory traversal

vulnerability

authentication

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.9%

JSON

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0.8 via the download_file_ajax function. This makes it possible for authenticated attackers, with subscriber access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Affected configurations

Nvd

Node

wpextendedwp_extendedRange<3.0.9wordpress

VendorProductVersionCPE
wpextendedwp_extended*cpe:2.3:a:wpextended:wp_extended:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpextended	wp_extended	*	cpe:2.3:a:wpextended:wp_extended::::::wordpress::*

References

plugins.trac.wordpress.org/browser/wpextended/trunk/includes/libraries/wpext_export/wpext_export.php#L137

plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3145430%40wpextended%2Ftrunk&old=3134345%40wpextended%2Ftrunk&sfp_email=&sfph_mail=

www.wordfence.com/threat-intel/vulnerabilities/id/0fad1834-0ee1-4542-a5a7-55a32861c81d?source=cve