6 matches found
Exploit for Path Traversal in Kau-Boys Hello_World
CVE-2024-9224 Hello World = 2.1.1 - Authenticated Subscri...
CVE-2024-9224
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the helloworldlyric function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-9224
CVE-2024-9224 corresponds to the WordPress Hello World plugin (<= v2.1.1) Arbitrary File Read. The vulnerability is triggered via the hello_world_lyric() function, allowing authenticated users with subscriber-level access or higher to read arbitrary server files containing sensitive informatio...
CVE-2024-9224 Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the helloworldlyric function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
CVE-2024-9224 Hello World <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Read
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the helloworldlyric function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the...
WordPress Hello World Plugin <= 2.1.1 is vulnerable to Arbitrary File Download
Software Hello World Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-9224 Patch priority High CVSS severity High 6.5 Developer Claim ownership PSID 936cc3342bfb Credits yudha Required privilege...