Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:20 a.m.8 views

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

6.5CVSS6.5AI score0.0075EPSS
Exploits0References1
NVD
NVD
added 2024/11/26 7:15 a.m.12 views

CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

6.5CVSS0.0075EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/26 6:43 a.m.19 views

CVE-2024-10857 Product Input Fields for WooCommerce <= 1.9 - Authenticated (Contributor+) Arbitrary File Read

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handledownloads function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with...

6.5CVSS0.0075EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/25 12:0 a.m.12 views

WordPress Product Input Fields for WooCommerce Plugin <= 1.9 is vulnerable to Path Traversal

Software Product Input Fields for WooCommerce Type Plugin Vulnerable versions = 1.9 Fixed in 2.0 OWASP Top 10 A3: Injection Classification Path Traversal CVE CVE-2024-10857 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1aed7531d6f7 Credits 1337Wannabe Required...

6.5CVSS6.8AI score0.0075EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder