Platform: WordPress
Component: Stockholm
Fixed in: 9.6.1
CVE-2024-34552 describes a Path Traversal vulnerability within the Select-Themes Stockholm WordPress plugin. This flaw allows attackers to potentially include arbitrary files on the server, leading to sensitive data exposure. The vulnerability impacts versions of Stockholm up to 9.6, and a patch is available in version 9.6.1.
The Path Traversal vulnerability in Select-Themes Stockholm allows an attacker to bypass intended access restrictions and include arbitrary files on the server. By manipulating file paths, an attacker could potentially read configuration files, source code, or other sensitive data. Successful exploitation could lead to unauthorized access to critical system information, potentially enabling further attacks such as remote code execution if the included file contains executable code. The blast radius extends to any system running a vulnerable version of the Stockholm plugin, and the impact is amplified if the server hosts other sensitive applications or data.
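To make the mechanism above concrete, here is an added example (not code from the Stockholm plugin or from Select-Themes) that places a naive path resolver beside a contained one. It is written in Python rather than PHP for clarity; the base directory, file names and the helper names `resolve_unsafely` and `resolve_safely` are all assumptions made for the demonstration. The unsafe version shows how `../` segments walk out of the intended directory; the safe version decodes the request, resolves the real path and then checks that the result is still inside the base directory, which is the check a file-inclusion routine needs.

```python
import os
import urllib.parse
from typing import Optional

# Constructed base directory for the demonstration; not a path from the Stockholm code.
TEMPLATE_DIR = "/srv/demo/templates"


def resolve_unsafely(base_dir: str, requested: str) -> str:
    """Joins the untrusted name onto the base directory and normalises it, with no
    check that the result is still inside base_dir. '../' segments walk out of the
    directory, which is the shape of logic behind a path traversal bug."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_safely(base_dir: str, requested: str) -> Optional[str]:
    """Returns an absolute path inside base_dir, or None if the request escapes it
    (POSIX paths assumed)."""
    # Decode twice so a double-encoded name (%252e%252e) is judged on its real value.
    decoded = urllib.parse.unquote(urllib.parse.unquote(requested))
    # realpath() raises on an embedded NUL, and a NUL can truncate the name in C code
    # further down the stack, so reject it outright.
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # os.path.join discards base_dir when 'decoded' is absolute, and realpath collapses
    # '..' segments and follows symlinks, so the containment check judges the final
    # location rather than the string the client sent.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    for name in ("header.php", "../../wp-config.php", "/etc/passwd",
                 "%252e%252e/%252e%252e/wp-config.php", "header.php%00.txt"):
        print(f"{name!r:45} unsafe={resolve_unsafely(TEMPLATE_DIR, name)!r:30} "
              f"safe={resolve_safely(TEMPLATE_DIR, name)!r}")
```

The containment test compares resolved paths rather than searching the input string for `..`, so encoded variants, absolute paths and symlinked directories are all judged by where they actually land.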
CVE-2024-34552 was publicly disclosed on 2024-06-04. No known public proof-of-concept exploits are currently available, but the vulnerability's nature makes it likely that exploits will be developed. The vulnerability is not currently listed on CISA KEV. Given the ease of exploitation associated with Path Traversal vulnerabilities, it is prudent to apply the patch promptly.
Exploit Status
EPSS: 0.65% (71st percentile)
The primary mitigation for CVE-2024-34552 is to immediately upgrade the Select-Themes Stockholm plugin to version 9.6.1 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal attempts (e.g., ../ sequences). Carefully review file permissions on the server to ensure that sensitive files are not accessible by the web server user. Monitor WordPress logs for suspicious file access attempts.
Update the Stockholm theme to the latest available version. If no updated version is available, consider disabling the theme or replacing it with a secure alternative. Watch for security updates from the vendor.
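The log monitoring and WAF advice above comes down to recognising traversal sequences in request targets, including their percent-encoded and double-encoded forms. The following added example (not part of this advisory and not Select-Themes code) scans Apache/nginx combined-format access log lines for such sequences, decodes them a bounded number of times before matching, and separates attempts that received HTTP 200 from those the server rejected. The sample log lines, the plugin path `/wp-content/plugins/example-plugin/page.php` and the function names are constructed placeholders.

```python
import re
import urllib.parse
from typing import Dict, List

# Constructed sample lines in Apache/nginx "combined" log format. The plugin path is
# a placeholder; these lines are not from a real server and not from the Stockholm code.
SAMPLE_LINES = [
    # benign page load
    '198.51.100.20 - - [04/Jun/2024:10:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    # benign use of a file parameter
    '198.51.100.20 - - [04/Jun/2024:10:15:04 +0000] "GET /wp-content/plugins/example-plugin/page.php?file=header HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # plain traversal sequence, answered with 200
    '203.0.113.7 - - [04/Jun/2024:10:16:01 +0000] "GET /wp-content/plugins/example-plugin/page.php?file=../../../../wp-config.php HTTP/1.1" 200 3071 "-" "curl/8.0"',
    # URL-encoded slashes
    '203.0.113.7 - - [04/Jun/2024:10:16:03 +0000] "GET /wp-content/plugins/example-plugin/page.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 404 210 "-" "curl/8.0"',
    # double-encoded dots and slashes
    '203.0.113.7 - - [04/Jun/2024:10:16:05 +0000] "GET /wp-content/plugins/example-plugin/page.php?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 404 210 "-" "curl/8.0"',
    # encoded backslashes (Windows-style separators)
    '203.0.113.7 - - [04/Jun/2024:10:16:07 +0000] "GET /wp-content/plugins/example-plugin/page.php?file=..%5c..%5cwp-config.php HTTP/1.1" 404 210 "-" "curl/8.0"',
]

# One "combined" log line: client, ident, user, [time], "METHOD target PROTO", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

# ".." followed by a separator or the end of the string, checked after decoding and
# after backslashes have been normalised to forward slashes. Deliberately broad; tune
# if an application legitimately sends "../" in parameters.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|$)")


def decode_fully(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded sequences such as
    %252e%252e%252f collapse to ../ before the pattern check."""
    current = target
    for _ in range(max_rounds):
        decoded = urllib.parse.unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def normalise_target(target: str) -> str:
    """Decoded request target with Windows separators mapped to '/'."""
    return decode_fully(target).replace("\\", "/")


def scan_log(lines: List[str]) -> List[Dict[str, str]]:
    """Returns one finding per request whose decoded target contains a traversal sequence."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        normalised = normalise_target(m.group("target"))
        if TRAVERSAL_RE.search(normalised):
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("time"),
                "status": m.group("status"),
                "target": m.group("target"),
                "normalised": normalised,
                "reason": "path traversal sequence in request target",
            })
    return findings


def suspected_successes(findings: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Traversal requests answered with 200 deserve first attention: the server may
    have served the file rather than rejecting the request."""
    return [f for f in findings if f["status"] == "200"]


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LINES)
    for f in hits:
        print(f"{f['time']} {f['ip']} {f['status']} {f['normalised']}")
    print(f"{len(hits)} traversal attempt(s), {len(suspected_successes(hits))} answered with HTTP 200")
```

The same decode-then-match logic is what a WAF rule needs: a rule that only looks for the literal string `../` misses the encoded and double-encoded forms, so normalise before matching, and review any matching request that received a 200 response first.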
CVE-2024-34552 is a Path Traversal vulnerability in the Select-Themes Stockholm WordPress plugin, allowing attackers to potentially include arbitrary files on the server.
You are affected if you are using Select-Themes Stockholm version 9.6 or earlier. Upgrade to 9.6.1 to resolve the issue.
Upgrade the Select-Themes Stockholm plugin to version 9.6.1 or later. Consider WAF rules as a temporary workaround if immediate upgrade is not possible.
While no public exploits are currently known, the vulnerability's nature suggests it may be targeted soon. Prompt patching is recommended.
Refer to the Select-Themes website and WordPress plugin repository for the latest advisory and update information.