Platform: wordpress
Component: wp-file-checker
Fixed in: 0.6.1
CVE-2024-35743 describes an Arbitrary File Access vulnerability in the SC filechecker component. It allows an attacker to manipulate files on the system through path traversal. It affects versions of SC filechecker prior to 0.6, and a fix is available in version 0.6.1.
The Arbitrary File Access vulnerability allows an attacker to read, write, or even delete files on the server by manipulating file paths. This could lead to complete compromise of the WordPress installation, including data exfiltration, code execution, and denial of service. Successful exploitation could allow an attacker to gain access to sensitive configuration files, database credentials, or even upload malicious code. The potential blast radius extends to any data stored on the server accessible through the vulnerable file paths.
This vulnerability was publicly disclosed on 2024-06-10. Currently, there are no known public exploits or active campaigns targeting it, and it is not yet listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Monitor security advisories and threat intelligence feeds for updates.
Exploit Status
EPSS: 0.17% (39th percentile)
The primary mitigation for CVE-2024-35743 is to immediately upgrade SC filechecker to version 0.6.1 or later. If upgrading is not immediately feasible, consider implementing strict file access controls on the server to limit the potential impact of a successful attack. WAF rules can be configured to block requests containing suspicious path traversal sequences (e.g., '../'). Regularly review file permissions and ensure that the web server user has minimal necessary privileges.
Update the SC filechecker plugin to a version later than 0.6. If no such version is available, consider uninstalling the plugin until a fixed version is published. This will prevent arbitrary file deletion on your server.
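The WAF rule and file access controls above are only partial mitigations; the check that actually closes a traversal bug is resolving the requested path and confirming it lands inside the intended directory. The Python below is an added illustration, not code from the SC filechecker plugin (the same realpath-based check can be written in PHP); the uploads directory and the request values are constructed for the example, and it assumes the server percent-decodes the request once.

```python
import os
from urllib.parse import unquote

# Constructed base directory for the illustration; a real deployment would
# use the plugin's configured directory.
UPLOADS_DIR = "/var/www/html/wp-content/uploads"


def blocklist_passes(user_path: str) -> bool:
    """What a WAF rule that only blocks the literal '../' sequence decides.

    Returns True when the request would be let through.
    """
    return "../" not in user_path and "..\\" not in user_path


def resolve_within(base_dir: str, user_path: str):
    """Return user_path relative to base_dir if it resolves inside it, else None.

    Canonicalises with realpath instead of string matching, so '../',
    percent-encoded dots, absolute paths and symlinks are all judged by
    where the path actually lands, not by how it is spelled.
    """
    decoded = unquote(user_path)  # assumption: the server decodes once
    if "\x00" in decoded or os.path.isabs(decoded):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath, not startswith: '/var/www/html/wp-content/uploads_old'
    # would pass a prefix test but is a different directory.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return os.path.relpath(candidate, base)


def check_cases():
    """Compare the two checks on constructed request values."""
    requests = [
        "report.txt",                    # legitimate file
        "subdir/../report.txt",          # harmless, but the blocklist rejects it
        "../../../wp-config.php",        # classic traversal, both reject
        "..%2F..%2F..%2Fwp-config.php",  # encoded: only the realpath check rejects
        "/etc/passwd",                   # absolute path: only the realpath check rejects
    ]
    return {p: (blocklist_passes(p), resolve_within(UPLOADS_DIR, p)) for p in requests}


if __name__ == "__main__":
    for path, (waf_ok, resolved) in check_cases().items():
        print(f"{path!r:35} blocklist passes: {waf_ok!s:5} resolves to: {resolved}")
```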
CVE-2024-35743 is a HIGH severity vulnerability allowing attackers to manipulate files via path traversal in SC filechecker versions up to 0.6, potentially leading to server compromise.
You are affected if you are using SC filechecker versions prior to 0.6.1. Check your plugin version and upgrade immediately if necessary.
Upgrade SC filechecker to version 0.6.1 or later to resolve this vulnerability. Consider implementing file access controls as an additional precaution.
Currently, there are no known active exploits targeting CVE-2024-35743, but it's crucial to apply the patch promptly to prevent future exploitation.
Refer to the official SC filechecker project website or repository for the latest security advisories and updates related to CVE-2024-35743.