Platform: wordpress
Component: wpoptin
Fixed in: 2.0.2
CVE-2024-47645 is a Path Traversal vulnerability affecting the Top Bar – PopUps plugin by WPOptin for WordPress. This flaw allows an attacker to potentially include arbitrary files on the server, leading to sensitive data exposure or even remote code execution. The vulnerability impacts versions of the plugin up to and including 2.0.1, with a fix available in version 2.0.2.
The Path Traversal vulnerability in Top Bar – PopUps allows attackers to bypass intended file access restrictions. By manipulating file paths, an attacker can include files outside of the intended directory, potentially gaining access to sensitive configuration files, source code, or other critical system files. Successful exploitation could lead to the disclosure of database credentials, API keys, or other confidential information. In a worst-case scenario, an attacker could leverage this vulnerability to execute arbitrary code on the server, compromising the entire WordPress installation and potentially affecting other connected systems. This is similar to other Local File Inclusion vulnerabilities where attackers leverage path manipulation to gain unauthorized access.
CVE-2024-47645 was publicly disclosed on 2024-10-16. The vulnerability's severity is rated as High (CVSS 7.5). There are currently no known public exploits or active campaigns targeting this vulnerability, but the ease of exploitation associated with Path Traversal vulnerabilities suggests that it could become a target. It is not currently listed on the CISA KEV catalog.
WordPress websites using the Top Bar – PopUps plugin, particularly those running versions 2.0.1 or earlier, are at risk. Shared hosting environments where file permissions are not tightly controlled are especially vulnerable, as an attacker could potentially exploit this flaw to gain access to other websites hosted on the same server.
• wordpress / composer / npm:
grep -rF "../" /var/www/html/wp-content/plugins/top-bar-popups-by-wpoptin/* # -F matches the literal "../"; without it each "." matches any character
• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/top-bar-popups-by-wpoptin/../../../../etc/passwd' # Check for file disclosure
EPSS: 0.40% (61st percentile)
The primary mitigation for CVE-2024-47645 is to immediately upgrade the Top Bar – PopUps plugin to version 2.0.2 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file access permissions on the server and carefully validating all user-supplied input to prevent path manipulation. Web Application Firewalls (WAFs) configured to detect and block attempts to access files outside of the intended directory can also provide an additional layer of protection. Monitor WordPress access logs for suspicious file access attempts, particularly those involving directory traversal sequences like '../'.
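The log-monitoring step above, as an added example that is not part of this advisory or of the plugin's own code: a Python scanner for WordPress access logs that undoes percent-encoding (including double encoding) before looking for traversal sequences in the request target, run over constructed combined-format lines. The query parameter names in the sample lines are hypothetical; the page does not name the plugin's vulnerable parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not real traffic). The query
# parameter names are hypothetical; the page does not name the plugin's sink.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Oct/2024:10:01:02 +0000] "GET /wp-content/plugins/top-bar-popups-by-wpoptin/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Oct/2024:10:01:07 +0000] "GET /wp-admin/admin-ajax.php?action=demo&file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 1830 "-" "curl/8.4.0"
198.51.100.2 - - [16/Oct/2024:10:02:11 +0000] "GET /wp-content/plugins/top-bar-popups-by-wpoptin/assets/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Oct/2024:10:03:40 +0000] "GET /index.php?p=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0 "-" "python-requests/2.31"
"""

# Client IP, timestamp, request target and status code from a combined-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# ".." as a whole path segment, whether it starts the path, follows a slash,
# or sits at the start of a query value (file=../..).
TRAVERSAL_RE = re.compile(r'(?:^|[/?=&])\.\.(?:/|$)')


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding so %252e%252e%252f collapses to ../ ."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(target: str) -> bool:
    """True if the decoded request target holds a traversal sequence. Backslashes
    count as slashes; the query string is checked too, since the web server
    normalises ".." in the URL path but not in a file-include parameter's value."""
    normalised = decode_fully(target).replace('\\', '/')
    return TRAVERSAL_RE.search(normalised) is not None


def scan_access_log(text: str) -> list:
    """Return one record per request whose target contains a traversal sequence."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if match and is_traversal(match.group('target')):
            hits.append({'ip': match.group('ip'), 'time': match.group('ts'),
                         'status': int(match.group('status')),  # 200 = worth a closer look
                         'decoded_target': decode_fully(match.group('target'))})
    return hits
```

A hit with a 200 status against a plugin or admin-ajax endpoint is the case to investigate first; 404s are usually scanner noise but still show who is probing.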
Update the WPOptin plugin to the latest available version. The local file inclusion vulnerability allows attackers to access sensitive files on the server. The update fixes this vulnerability.
CVE-2024-47645 is a Path Traversal vulnerability in the Top Bar – PopUps plugin for WordPress, allowing attackers to potentially include arbitrary files on the server.
Yes, if you are using Top Bar – PopUps by WPOptin version 2.0.1 or earlier, you are affected by this vulnerability.
Upgrade the Top Bar – PopUps plugin to version 2.0.2 or later to resolve this vulnerability. Consider temporary workarounds like WAF rules if immediate upgrade is not possible.
Active exploitation is not currently confirmed, but the vulnerability's potential impact warrants immediate remediation.
Check the WPOptin website and WordPress plugin repository for the official advisory and update information.