Platform: wordpress
Component: designthemes-core-features
Fixed in: 4.7.1
CVE-2024-13471 describes an Arbitrary File Access vulnerability within the DesignThemes Core Features plugin for WordPress. This vulnerability allows unauthenticated attackers to read arbitrary files on the server, potentially exposing sensitive data and system information. The vulnerability impacts versions of the plugin up to and including 4.7. A fix is available via plugin update.
Successful exploitation of CVE-2024-13471 could allow an attacker to gain access to sensitive information stored on the WordPress server. This could include configuration files, database credentials, source code, or other confidential data. The attacker does not need to authenticate to exploit this vulnerability, significantly broadening the potential attack surface. The ability to read arbitrary files could also be a stepping stone to further compromise the system, potentially leading to remote code execution if the attacker can leverage the accessed files to gain additional privileges.
CVE-2024-13471 was publicly disclosed on 2025-03-05. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. The ease of exploitation, due to the lack of authentication requirements, warrants careful monitoring.
WordPress websites using the DesignThemes Core Features plugin, particularly those running versions 4.7 or earlier, are at risk. Shared hosting environments where users have limited control over plugin installations are especially vulnerable. Websites with sensitive data stored in easily accessible locations on the server are also at higher risk.
• wordpress / composer / npm:
grep -r 'dt_process_imported_file' /var/www/html/wp-content/plugins/design-themes-core-features/
• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/design-themes-core-features/dt_process_imported_file.php?file=../../../../etc/passwd'
• wordpress / composer / npm:
wp plugin list --status=inactive | grep design-themes-core-features
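To complement the checks above with log review, the following added example (not code from this advisory or from the plugin vendor) scans access-log lines for requests under the plugin directory whose query parameters decode to a path traversal. The combined log format, the sample lines and the matching heuristics are assumptions; the plugin path is the one used in the commands above.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Plugin directory exactly as written in the page's check commands.
PLUGIN_PATH = "/wp-content/plugins/design-themes-core-features/"
# Assumed Apache/Nginx combined log format: ip ... "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumed heuristics for a file-read attempt in a decoded parameter value.
SUSPICIOUS = re.compile(r"\.\./|\.\.\\|^/etc/|wp-config\.php", re.I)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Mar/2025:10:01:02 +0000] "GET /wp-content/plugins/design-themes-core-features/dt_process_imported_file.php?file=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [06/Mar/2025:10:01:05 +0000] "GET /wp-content/plugins/design-themes-core-features/dt_process_imported_file.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '198.51.100.4 - - [06/Mar/2025:10:02:00 +0000] "GET /wp-content/plugins/design-themes-core-features/assets/style.css?ver=4.7 HTTP/1.1" 200 512',
    '198.51.100.4 - - [06/Mar/2025:10:02:09 +0000] "GET /index.php?file=../../etc/passwd HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, bounded so crafted input cannot loop forever."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(lines):
    """Return one record per suspicious parameter on a request to the plugin path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m["target"])
        if PLUGIN_PATH not in fully_decode(url.path).lower():
            continue  # request is outside the affected plugin directory
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                # A 2xx status on such a request deserves triage first.
                hits.append({"ip": m["ip"], "status": int(m["status"]), "param": name, "value": value})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```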
EPSS: 1.53% (81st percentile)
The primary mitigation for CVE-2024-13471 is to immediately update the DesignThemes Core Features plugin to a version that includes the security fix. As there is no specific workaround, ensuring the plugin is up-to-date is critical. Consider implementing stricter file permissions on the WordPress server to limit the potential damage if the vulnerability is exploited before an update can be applied. Regularly review WordPress plugin installations and remove any unused or outdated plugins.
Update the DesignThemes Core Features plugin to a version later than 4.7. If no update is available, consider disabling the plugin until a fixed version is released.
CVE-2024-13471 is a vulnerability in the DesignThemes Core Features WordPress plugin allowing unauthenticated attackers to read arbitrary files. It has a CVSS score of 7.5 (HIGH) and affects versions up to 4.7.
You are affected if your WordPress site uses the DesignThemes Core Features plugin version 4.7 or earlier. Check your plugin versions immediately.
Update the DesignThemes Core Features plugin to the latest available version. There are no known workarounds beyond updating the plugin.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the DesignThemes website or WordPress plugin repository for the latest advisory and update information regarding CVE-2024-13471.