Rule General Information |
---|
Release Date: | 2025-02-11 | |
Rule Name: | WordPress File Upload Plugin Arbitrary File Read Vulnerability (CVE-2024-9047) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | The File Upload plugin for WordPress has a path traversal vulnerability that affects all versions up to and including version 4.24.11 and is located in the wfu_file_downloader.php file. This allows an unauthenticated attacker to read or delete files outside the original intended directory. Successfully exploiting this vulnerability requires the target WordPress installation to use PHP 7.4 or earlier. | |
Impact: | Attackers can upload viruses, Trojans, web shells, other malicious scripts, or pictures containing scripts to the server, and can use these files for subsequent attacks. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Please contact the software vendor to obtain and apply the software patch. |