Description
The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| galdub | Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager | unaffected |
|
||||||
| Premio | Folders Pro | unaffected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-26993 | The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server. |
References
History
No history.
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2024-08-01T18:56:22.631Z
Reserved: 2024-02-29T17:11:37.666Z
Link: CVE-2024-2023
Vulnrichment
Updated: 2024-08-01T18:56:22.631Z
NVD
Status : Awaiting Analysis
Published: 2024-06-14T13:15:50.960
Modified: 2024-11-21T09:08:50.197
Link: CVE-2024-2023
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses
No weakness.