CVE-2024-9047

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload	Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*

History

12 Mar 2025, 18:03

Type	Values Removed	Values Added
References	~~() https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload -~~	() https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload - Patch
References	~~() https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve -~~	() https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve - Third Party Advisory
First Time		Iptanus Iptanus wordpress File Upload
CPE		cpe:2.3:a:iptanus:wordpress_file_upload::::::wordpress::*

Information

Published : 2024-10-12 07:15

Updated : 2025-03-12 18:03

NVD link : CVE-2024-9047

Mitre link : CVE-2024-9047

CVE.ORG link : CVE-2024-9047

JSON object : View

Products Affected

iptanus

wordpress_file_upload

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-9047", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-10-12T07:15:02.170", "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3164449/wp-file-upload", "tags": ["Patch"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/554a314c-9e8e-4691-9792-d086790ef40f?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier."}, {"lang": "es", "value": "El complemento WordPress File Upload de WordPress es vulnerable a Path Traversal en todas las versiones hasta la 4.24.11 incluida a trav\u00e9s de wfu_file_downloader.php. Esto permite que atacantes no autenticados lean o eliminen archivos fuera del directorio original previsto. Para explotarlo con \u00e9xito, es necesario que la instalaci\u00f3n de WordPress en cuesti\u00f3n utilice PHP 7.4 o una versi\u00f3n anterior."}], "lastModified": "2025-03-12T18:03:50.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AF35B6ED-8B06-4E22-992F-3757DB27B144", "versionEndExcluding": "4.24.12"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}