Platform: wordpress
Component: strategery-migrations
Fixed in: 1.0.1
CVE-2024-35745 describes an Arbitrary File Access vulnerability within the Strategery Migrations WordPress plugin. This flaw allows attackers to traverse directories and potentially access or manipulate files outside of the intended scope. Versions of Strategery Migrations prior to 1.0.1 are affected, and a patch has been released to address this issue.
The Arbitrary File Access vulnerability allows an attacker to read or write files on the server by manipulating the path used to access files. This could lead to the exposure of sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could also allow an attacker to modify critical system files, potentially leading to a complete compromise of the WordPress installation. The impact is particularly severe if the server hosts sensitive data or is part of a larger network, as the attacker could potentially use this vulnerability as a stepping stone for lateral movement.
CVE-2024-35745 was publicly disclosed on 2024-06-10. As of this writing, no public proof-of-concept exploits have been released, but the vulnerability's ease of exploitation suggests it could be weaponised quickly. The EPSS score is likely to be assessed as medium, given the relatively straightforward nature of path traversal vulnerabilities and the wide use of WordPress. Monitor security advisories and threat intelligence feeds for any signs of active exploitation.
Exploit Status
EPSS: 0.84% (75th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-35745 is to immediately upgrade Strategery Migrations to version 1.0.1 or later. If upgrading is not immediately feasible, consider implementing stricter file access controls on the WordPress server to limit the potential damage from a successful exploit. Web Application Firewalls (WAFs) configured to detect and block path traversal attempts can provide an additional layer of defense. Monitor WordPress logs for suspicious file access patterns, particularly requests containing directory traversal sequences like '../'.
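The log-monitoring advice above is only as good as the matching behind it: a literal search for '../' misses percent-encoded (%2e%2e%2f), double-encoded (%252e) and backslash variants. The following is an added example, not code from the page or from the plugin, that normalizes request targets before matching and then triages hits by client and response status; the log lines and the plugin path /wp-content/plugins/example-plugin/ are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed Apache/Nginx-style access log lines (not real traffic; plugin path is fictitious).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:12:00:01 +0000] "GET /wp-content/plugins/example-plugin/export.php?file=report.csv HTTP/1.1" 200 512
203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /wp-content/plugins/example-plugin/export.php?file=../../../wp-config.php HTTP/1.1" 200 3210
203.0.113.9 - - [10/Jun/2024:12:00:03 +0000] "GET /wp-content/plugins/example-plugin/export.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3210
203.0.113.11 - - [10/Jun/2024:12:00:04 +0000] "GET /wp-content/plugins/example-plugin/export.php?file=..%255c..%255cwp-config.php HTTP/1.1" 403 0
203.0.113.13 - - [10/Jun/2024:12:00:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 42
"""

# Common log format: client, identd, user, [timestamp], "METHOD target protocol", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A ".." path segment: preceded by start, '/', '=', '?' or '&', and followed by '/' or end.
TRAVERSAL_RE = re.compile(r'(?<![^/=?&])\.\.(?=/|$)')


def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding) and fold backslashes to '/'."""
    decoded = target
    for _ in range(rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def find_traversal(log_text: str) -> list:
    """Return one record per request whose normalized target contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        norm = normalize(m.group("target"))
        if TRAVERSAL_RE.search(norm):
            hits.append({"ip": m.group("ip"), "status": int(m.group("status")),
                         "target": m.group("target"), "normalized": norm})
    return hits


def triage(hits: list) -> dict:
    """Group by client IP; a 2xx on a traversal request is the one that needs incident response."""
    by_ip = {}
    for h in hits:
        entry = by_ip.setdefault(h["ip"], {"attempts": 0, "succeeded": False})
        entry["attempts"] += 1
        if 200 <= h["status"] < 300:
            entry["succeeded"] = True
    return by_ip
```

A 403 (as on the fourth sample line) shows a WAF or server rule did its job; a 200 on a traversal request means the file was likely served and the host should be treated as potentially compromised.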
Update the Strategery Migrations plugin to a version later than 1.0, if available. If no version is available, consider disabling or removing the plugin until a patched version is released. This will prevent arbitrary file deletion on your website.
CVE-2024-35745 is a vulnerability in Strategery Migrations allowing attackers to access files outside intended directories. It has a HIGH severity (7.5) and affects versions up to 1.0.
If you are using Strategery Migrations version 1.0 or earlier, you are affected by this vulnerability. Upgrade to 1.0.1 to resolve the issue.
Upgrade Strategery Migrations to version 1.0.1 or later. Consider implementing WAF rules and stricter file access controls as additional security measures.
While no public exploits are currently available, the vulnerability's simplicity suggests a potential for rapid exploitation. Continuous monitoring is recommended.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.