CVE-2024-12152

7 Ene 2025

Título es

CVE-2024-12152

Mar, 07/01/2025 – 10:15

Tipo

CWE-22

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-12152

Descripción en

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

07/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3215735%40mipl-wc-multisite-sync&new=3215735%40mipl-wc-multisite-sync

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3216574%40mipl-wc-multisite-sync&new=3216574%40mipl-wc-multisite-sync

https://www.wordfence.com/threat-intel/vulnerabilities/id/575d1e24-d23d-4589-bb71-f52efec1ac58?source=cve

Enviar en el boletín