Platform
wordpress
Component
wpextended
Fixed in
3.0.9
CVE-2024-8104 is a Directory Traversal vulnerability affecting the WP Extended WordPress plugin. This vulnerability allows authenticated attackers, with subscriber access or higher, to read arbitrary files on the server. Versions of the plugin up to and including 3.0.8 are affected. A patch is available, and users are strongly advised to upgrade immediately.
The Directory Traversal vulnerability in WP Extended allows an authenticated attacker to bypass intended file access restrictions. By exploiting the downloadfileajax function, an attacker can craft malicious requests to read files outside of the intended directory. This could expose configuration files, database credentials, source code, or other sensitive information stored on the server. The potential impact includes data breaches, unauthorized access to systems, and potential for further exploitation if exposed credentials are used to compromise other systems.
CVE-2024-8104 was publicly disclosed on 2024-09-04. No public proof-of-concept (POC) code has been released at the time of writing, but the vulnerability's nature makes it likely that a POC will emerge. The EPSS score is likely to be medium, given the ease of exploitation once an attacker has authenticated access to the WordPress site. It is not currently listed on the CISA KEV catalog.
WordPress websites using the WP Extended plugin, particularly those with subscriber-level users or higher, are at risk. Shared hosting environments where plugin installations are managed centrally are also at increased risk, as a compromised plugin on one site could potentially impact multiple sites.
• wordpress / composer / npm:
grep -r "download_file_ajax" /var/www/html/wp-content/plugins/wp-extended/
• generic web:
curl -I http://your-wordpress-site.com/wp-content/plugins/wp-extended/download_file_ajax?file=../../../../etc/passwd
• wordpress / composer / npm:
wp plugin list --status=inactive | grep 'wp-extended'
Disclosure
Exploit status
EPSS
3.09% (87th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-8104 is to upgrade the WP Extended plugin to version 3.0.9 or later, which contains the fix. If immediate upgrading is not possible, consider implementing temporary workarounds. These may include restricting file access permissions on the server to limit the attacker's ability to read arbitrary files. Additionally, implement a Web Application Firewall (WAF) rule to block requests containing suspicious path traversal sequences (e.g., ../). After upgrading, verify the fix by attempting to access a file outside the intended directory via the plugin's AJAX endpoint; access should be denied.
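As an added defender-side example (not code from the advisory or the plugin), this Python scanner applies the WAF-style check described above to web-server access logs: it repeatedly percent-decodes the request target so encoded and double-encoded traversal sequences are caught, and flags requests to the wp-extended plugin path that contain a `..` segment. The log lines are constructed samples, and the plugin path is the one used in the check commands above.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic): a benign plugin
# request, two encoded traversal attempts, and an unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Sep/2024:10:01:02 +0000] "GET /wp-content/plugins/wp-extended/download_file_ajax?file=report.csv HTTP/1.1" 200 512
203.0.113.7 - - [05/Sep/2024:10:01:09 +0000] "GET /wp-content/plugins/wp-extended/download_file_ajax?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 2048
203.0.113.9 - - [05/Sep/2024:10:02:11 +0000] "GET /wp-content/plugins/wp-extended/download_file_ajax?file=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 403 0
198.51.100.3 - - [05/Sep/2024:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')
PLUGIN_PREFIX = "/wp-content/plugins/wp-extended/"  # plugin path from the advisory's check commands
# A '..' segment delimited by a slash, a query separator, or the start/end of the string.
TRAVERSAL_RE = re.compile(r'(?:^|[/=&])\.\.(?:/|$)')

def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so '..%2f' and double-encoded '%252e%252e' both collapse."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(path: str) -> bool:
    """True if the decoded request target contains a '..' path segment."""
    return TRAVERSAL_RE.search(normalize(path)) is not None

def scan_log(text: str) -> list[dict]:
    """Return one finding per request to the plugin path whose target contains traversal."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        if path.startswith(PLUGIN_PREFIX) and is_traversal(path):
            findings.append({"ip": m.group("ip"), "status": int(m.group("status")), "target": normalize(path)})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} status={f['status']} {f['target']}")
```

A 200 response on a flagged request is the signal to investigate; after the WAF rule or the 3.0.9 upgrade is in place, flagged requests should show a 403 or similar denial.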
Update the plugin The Ultimate WordPress Toolkit – WP Extended to the latest available version. The directory traversal vulnerability allows authenticated users with subscriber roles or higher to read arbitrary files on the server. The update fixes this vulnerability.
CVE-2024-8104 is a Directory Traversal vulnerability in the WP Extended WordPress plugin, allowing authenticated users to read arbitrary files on the server.
You are affected if you are using WP Extended version 3.0.8 or earlier. Check your plugin version and upgrade immediately.
Upgrade to a version of WP Extended newer than 3.0.8. As a temporary workaround, implement WAF rules to restrict file access.
Currently, there are no confirmed reports of active exploitation, but the vulnerability's simplicity suggests potential for future exploitation.
Refer to the WP Extended plugin website or the WordPress plugin repository for the latest security advisory and update information.