5 matches found
📄 WordPress File Upload 4.24.11 Path Traversal / Remote Code Execution
A critical unauthenticated remote code execution vulnerability exists in the WordPress File Upload plugin versions 4.24.11 and earlier. The vulnerability allows attackers to execute arbitrary operating system commands through path traversal and improper input validation in the wfufiledownloader.p...
Exploit for Path Traversal in Iptanus Wordpress_File_Upload
The script is only intended for authorization system detection...
WordPress WordPress File Upload Plugin <= 4.24.11 is vulnerable to Path Traversal
Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.11 Fixed in 4.24.12 OWASP Top 10 A1: Broken Access Control Classification Path Traversal CVE CVE-2024-9047 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5fa6436aa19c Credits Arkadiusz Hydzik Required...
CVE-2024-9047
creationtimestamp| type| source ---|---|--- 2024-10-12 10:18:00+00:00| seen| https://t.me/cvedetector/7765 2024-12-25 05:21:22+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/9596 2024-12-29 05:07:27+00:00| seen| https://t.me/xeonthread/61 2025-01-25 10:00:05+00:00|...
CVE-2024-9047
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...