Platform
wordpress
Component
strategery-migrations
Fixed in
1.0.1
CVE-2024-35745 describes an Arbitrary File Access vulnerability within the Strategery Migrations WordPress plugin. This flaw allows attackers to manipulate file paths, potentially leading to unauthorized access and modification of files on the server. Versions of Strategery Migrations prior to 1.0.1 are affected, and a patch has been released to address the issue.
The Arbitrary File Access vulnerability allows an attacker to read or write files outside of the intended directory. This could expose sensitive data such as configuration files, database credentials, or even source code. A successful exploit could lead to complete compromise of the WordPress installation and the underlying server. While the specific attack surface is tied to the plugin's functionality, the impact is significant: an attacker could gain persistent access and execute arbitrary code.
CVE-2024-35745 was publicly disclosed on June 10, 2024. No public proof-of-concept (PoC) code has been released at the time of this writing, but the nature of the vulnerability makes it likely that PoCs will emerge. The vulnerability is not currently listed on the CISA KEV catalog. Exploitation probability is considered medium due to the ease of path traversal exploitation and the plugin's popularity.
WordPress websites utilizing the Strategery Migrations plugin, particularly those running versions prior to 1.0.1, are at risk. Shared hosting environments where users have limited control over plugin configurations are also particularly vulnerable, as they may not be able to quickly apply updates.
• wordpress / composer / npm:
  grep -rF '../' /var/www/html/wp-content/plugins/strategery-migrations/*   # fixed-string match; a plain '../' pattern would match any two characters before a slash
• generic web:
  curl -I 'https://your-wordpress-site.com/wp-content/plugins/strategery-migrations/../../../../etc/passwd'   # Check for directory traversal disclosure
Exploit status
EPSS
0.84% (75th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade Strategery Migrations to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing strict file access controls on the WordPress server to limit the impact of a potential exploit. Web Application Firewalls (WAFs) configured to block path traversal attempts (e.g., using ../ sequences) can provide an additional layer of defense. Regularly review WordPress plugin permissions and ensure they adhere to the principle of least privilege.
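To support the WAF and monitoring advice above, here is an added example (not code from the page or from the plugin vendor) that scans web-server access log lines for encoded and double-encoded `../` sequences in requests to the plugin directory. The sample log lines are constructed, and the endpoint, parameter and file names in them are hypothetical placeholders.

```python
import re
from urllib.parse import unquote

# Only requests to the affected plugin's directory are in scope for this check.
PLUGIN_PREFIX = "/wp-content/plugins/strategery-migrations/"

# Request line of a combined-format (Apache/Nginx) access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# ".." followed by a separator, checked after decoding so encoded variants match too.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences (%252e%252e%252f) are caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(target):
    """True if a request under the plugin path carries a '..' traversal sequence (path or query)."""
    decoded = fully_decode(target).replace("\\", "/")  # treat backslash variants as '/'
    return decoded.startswith(PLUGIN_PREFIX) and TRAVERSAL_RE.search(decoded) is not None


def scan_access_log(lines):
    """Return (client_ip, decoded_target) for every suspicious request in the given log lines."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and is_traversal_attempt(match.group("target")):
            findings.append((line.split(" ", 1)[0], fully_decode(match.group("target"))))
    return findings


# Constructed sample log lines; EXAMPLE.php, the 'file' parameter and assets/app.js are hypothetical.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/strategery-migrations/EXAMPLE.php?file=../../../../wp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/strategery-migrations/EXAMPLE.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1024 "-" "curl/8.0"
198.51.100.7 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/strategery-migrations/assets/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-content/plugins/strategery-migrations/EXAMPLE.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Jun/2024:12:00:05 +0000] "GET /wp-admin/admin.php?page=settings&back=../ HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, target in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"traversal attempt from {ip}: {target}")
```

The last sample line is deliberately outside the plugin prefix and is not reported, so the check stays scoped to the affected component rather than flagging every `..` on the site.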
Update the Strategery Migrations plugin to a version later than 1.0, if one exists. If no such version is available, consider disabling or removing the plugin until a fixed version is published. This will prevent arbitrary file deletion on your website.
CVE-2024-35745 is a vulnerability in Strategery Migrations allowing attackers to access files outside intended directories. It has a HIGH severity (7.5) and affects versions up to 1.0.
If you are using Strategery Migrations version 1.0 or earlier, you are affected by this vulnerability. Upgrade to 1.0.1 to resolve the issue.
Upgrade Strategery Migrations to version 1.0.1 or later. Consider implementing WAF rules and stricter file access controls as additional security measures.
While no public exploits are currently available, the vulnerability's simplicity suggests a potential for rapid exploitation. Continuous monitoring is recommended.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.