CVE-2024-10011: Directory Traversal in BuddyPress
Platform
wordpress
Component
buddypress
Fixed in
14.1.1
CVE-2024-10011 is a Directory Traversal vulnerability discovered in the BuddyPress plugin for WordPress. This flaw allows authenticated attackers with Subscriber-level access or higher to access files outside the intended directory, potentially leading to sensitive data exposure or malicious file uploads. The vulnerability impacts versions of BuddyPress up to and including 14.1.0, and is specifically observed on Windows systems. A patch is available.
Detect this CVE in your project
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Impact and Attack Scenarios
The Directory Traversal vulnerability in BuddyPress allows authenticated attackers to bypass intended file access restrictions. By manipulating the 'id' parameter, an attacker can navigate the file system and potentially read or write files outside the web root. This could lead to the exposure of sensitive configuration files, database credentials, or other critical data. Furthermore, the ability to upload files to directories outside the web root presents a significant risk, as attackers could potentially execute arbitrary code or compromise the entire server. The vulnerability’s restriction to Windows environments narrows the immediate scope, but still poses a risk for WordPress installations on Windows servers.
Exploitation Context
CVE-2024-10011 was publicly disclosed on 2024-10-25. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The vulnerability’s Windows-specific nature may limit its immediate exploitability, but it remains a potential risk for affected systems.
Threat Intelligence
Exploit Status
EPSS
1.31% (80% percentile)
CISA SSVC
CVSS Vector
What do these metrics mean?
- Attack Vector
- Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity
- Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required
- Low — any valid user account is sufficient. Basic authenticated access required.
- User Interaction
- None — attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope
- Unchanged — impact is limited to the vulnerable component itself.
- Confidentiality
- High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
- Integrity
- High — attacker can write, modify, or delete any data: databases, config files, or code.
- Availability
- None — no availability impact. Service remains fully operational.
Affected Software
Package Information
- Active installs
- 100KPopular
- Plugin rating
- 4.1
- Requires WordPress
- 6.1+
- Compatible up to
- 6.8.5
- Requires PHP
- 5.6+
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2024-10011 is to upgrade BuddyPress to a patched version. The vendor has not specified a fixed version, so monitor the official WordPress plugin repository for updates. As a temporary workaround, implement a Web Application Firewall (WAF) rule to block requests containing suspicious characters or patterns in the 'id' parameter. Additionally, restrict file upload permissions and carefully review any uploaded files for malicious content. After upgrading, confirm the fix by attempting to access files outside the intended directory using a crafted URL with the 'id' parameter.
How to fix
Actualice el plugin BuddyPress a la última versión disponible. Esto solucionará la vulnerabilidad de recorrido de directorios. Si no puede actualizar, considere desactivar el plugin hasta que pueda realizar la actualización.
CVE Security Newsletter
Vulnerability analysis and critical alerts directly to your inbox.
Frequently asked questions
What is CVE-2024-10011 — Directory Traversal in BuddyPress?
CVE-2024-10011 is a Directory Traversal vulnerability affecting BuddyPress versions up to 14.1.0. It allows authenticated attackers to access files outside the intended directory, potentially leading to data exposure or malicious file uploads.
Am I affected by CVE-2024-10011 in BuddyPress?
You are affected if you are using BuddyPress version 14.1.0 or earlier, and your WordPress installation is on a Windows server. Check your plugin version and upgrade immediately if vulnerable.
How do I fix CVE-2024-10011 in BuddyPress?
Upgrade BuddyPress to the latest available version. Monitor the WordPress plugin repository for updates. Implement WAF rules to block suspicious requests as a temporary workaround.
Is CVE-2024-10011 being actively exploited?
As of now, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly to prevent potential attacks.
Where can I find the official BuddyPress advisory for CVE-2024-10011?
Refer to the official WordPress plugin repository and BuddyPress project website for updates and advisories related to CVE-2024-10011.
Is your project affected?
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.