The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 08 Oct 2024 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Hypestudio
Hypestudio social Web Suite
CPEs cpe:2.3:a:hypestudio:social_web_suite:*:*:*:*:*:wordpress:*:*
Vendors & Products Hypestudio
Hypestudio social Web Suite

Thu, 03 Oct 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 03 Oct 2024 03:45:00 +0000

Type Values Removed Values Added
Description The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Title Social Web Suite – Social Media Auto Post, Social Media Auto Publish <= 4.1.11 - Directory Traversal to Arbitrary File Download
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2024-10-03T15:24:55.745Z

Reserved: 2024-08-30T14:53:40.849Z

Link: CVE-2024-8352

cve-icon Vulnrichment

Updated: 2024-10-03T15:24:52.205Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-03T04:15:04.613

Modified: 2024-10-08T14:17:34.707

Link: CVE-2024-8352

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.