Platform: wordpress
Component: easy-social-share-buttons3
Fixed in: 9.4.1
CVE-2024-31300 describes a Path Traversal vulnerability within the Easy Social Share Buttons plugin for WordPress. This flaw allows attackers to potentially include arbitrary files on the server, leading to sensitive data exposure or even remote code execution. The vulnerability impacts versions of the plugin up to and including 9.4, and a patch is available in version 9.4.1.
The core impact of CVE-2024-31300 lies in its ability to facilitate PHP Local File Inclusion (LFI). An attacker could craft a malicious URL that leverages the path traversal vulnerability to request files outside of the intended directory. This could expose configuration files containing database credentials, API keys, or other sensitive information. In a worst-case scenario, an attacker might be able to include a PHP script they control, leading to remote code execution and complete compromise of the WordPress site. The blast radius extends to any data stored on the server accessible via PHP, including user data, media files, and application code.
CVE-2024-31300 was publicly disclosed on May 17, 2024. While no active exploitation campaigns have been confirmed, the availability of a public proof-of-concept is likely to increase the risk of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Given the ease of exploitation and the potential impact, it is considered a high-priority vulnerability to address.
WordPress websites utilizing the Easy Social Share Buttons plugin, particularly those running versions 9.4 or earlier, are at risk. Shared hosting environments are especially vulnerable, as they often have limited control over plugin configurations and security settings. Sites with weak file permissions or inadequate WAF protection are also at increased risk.
• wordpress / composer / npm:
grep -rF "../" /var/www/html/wp-content/plugins/easy-social-share-buttons/   # -F: match the literal string, not the regex "any two chars then /"
• generic web:
curl -I --path-as-is 'https://your-wordpress-site.com/wp-content/plugins/easy-social-share-buttons/../../../../etc/passwd' # Check for file disclosure; --path-as-is keeps curl from collapsing the ../ segments before sending
Exploit status
EPSS: 1.34% (80th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-31300 is to immediately upgrade the Easy Social Share Buttons plugin to version 9.4.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a temporary workaround by restricting file access permissions within the plugin's directory. Web Application Firewalls (WAFs) can be configured to block requests containing path traversal sequences (e.g., ../). Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin.
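As an added illustration (not code from the advisory or from the plugin vendor), the following Python checks an installed version string against the 9.4.1 fix and flags access-log requests that aim a traversal sequence at the plugin path, decoding percent-encoded and double-encoded variants that a WAF rule matching only the literal `../` would miss. The plugin directory name and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import unquote

FIXED_IN = (9, 4, 1)  # patched release named in the advisory
# Plugin directory as used in the advisory's detection commands (assumed)
PLUGIN_PATH = "/wp-content/plugins/easy-social-share-buttons"


def parse_version(v):
    """Turn '9.4' into (9, 4, 0) so plain tuple comparison works."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(installed):
    """True for any release before the fixed version 9.4.1."""
    return parse_version(installed) < FIXED_IN


def normalize_path(raw):
    """Decode until stable so %2e%2e%2f and double-encoded forms collapse
    to the literal sequence a naive '../' filter would otherwise miss."""
    prev, cur = None, raw
    while prev != cur:
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
LOG_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_traversal_attempt(request_path):
    return bool(TRAVERSAL.search(normalize_path(request_path)))


def flag_log_lines(lines):
    """Return raw request paths that combine the plugin path with a traversal."""
    hits = []
    for line in lines:
        m = LOG_LINE.search(line)
        if m and PLUGIN_PATH in normalize_path(m.group(1)) and is_traversal_attempt(m.group(1)):
            hits.append(m.group(1))
    return hits


# Constructed sample access-log lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [17/May/2024:10:00:01 +0000] "GET /wp-content/plugins/easy-social-share-buttons/assets/style.css HTTP/1.1" 200 512',
    '203.0.113.7 - - [17/May/2024:10:00:02 +0000] "GET /wp-content/plugins/easy-social-share-buttons/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 403 0',
    '198.51.100.4 - - [17/May/2024:10:00:03 +0000] "GET /wp-content/plugins/easy-social-share-buttons/..%252f..%252fetc/passwd HTTP/1.1" 403 0',
]
```

Running `flag_log_lines(SAMPLE_LOG)` returns the two encoded requests and ignores the legitimate asset fetch; `is_vulnerable("9.4")` is True while `is_vulnerable("9.4.1")` is False.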
Update the Easy Social Share Buttons plugin to the latest available version. The local file inclusion vulnerability allows attackers to access sensitive files on the server. The update fixes this vulnerability and protects your website.
CVE-2024-31300 is a Path Traversal vulnerability in the Easy Social Share Buttons plugin for WordPress, allowing attackers to potentially include arbitrary files on the server.
Yes, if you are using Easy Social Share Buttons version 9.4 or earlier, you are affected by this vulnerability.
Upgrade the Easy Social Share Buttons plugin to version 9.4.1 or later to resolve the vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no active exploitation campaigns have been confirmed, the availability of a public proof-of-concept suggests an increased risk of exploitation.
Refer to the appscreo website and WordPress plugin repository for the latest advisory and update information.