{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9047", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-09-20T15:32:55.397Z", "datePublished": "2024-10-12T06:51:11.974Z", "dateUpdated": "2024-10-15T15:10:53.008Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-10-12T06:51:11.974Z"}, "affected": [{"vendor": "nickboss", "product": "WordPress File Upload", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.24.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier."}], "title": "WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "timeline": [{"time": "2024-09-20T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2024-10-11T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"affected": [{"vendor": "iptanus", "product": "wordpress_file_upload", "cpes": ["cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.24.11", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-14T15:33:17.620511Z", "id": "CVE-2024-9047", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T15:10:53.008Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9047", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-14T15:33:17.620511Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:*:*:*"], "vendor": "iptanus", "product": "wordpress_file_upload", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.24.11"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T15:10:46.604Z"}}], "cna": {"title": "WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php", "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "nickboss", "product": "WordPress File Upload", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.24.11"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-09-20T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2024-10-11T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload"}], "descriptions": [{"lang": "en", "value": "The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2024-10-12T06:51:11.974Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9047", "state": "PUBLISHED", "dateUpdated": "2024-10-15T15:10:53.008Z", "dateReserved": "2024-09-20T15:32:55.397Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-10-12T06:51:11.974Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AF35B6ED-8B06-4E22-992F-3757DB27B144", "versionEndExcluding": "4.24.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier."}, {"lang": "es", "value": "El complemento WordPress File Upload de WordPress es vulnerable a Path Traversal en todas las versiones hasta la 4.24.11 incluida a trav\u00e9s de wfu_file_downloader.php. Esto permite que atacantes no autenticados lean o eliminen archivos fuera del directorio original previsto. Para explotarlo con \u00e9xito, es necesario que la instalaci\u00f3n de WordPress en cuesti\u00f3n utilice PHP 7.4 o una versi\u00f3n anterior."}], "id": "CVE-2024-9047", "lastModified": "2025-03-12T18:03:50.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-10-12T07:15:02.170", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{}