What is CVE-2024-43135 — Path Traversal in WPCafe?

CVE-2024-43135 is a Path Traversal vulnerability affecting the WPCafe WordPress plugin, allowing attackers to potentially include arbitrary files on the server.

Am I affected by CVE-2024-43135 in WPCafe?

You are affected if you are using WPCafe version 2.2.28 or earlier. Upgrade to version 2.2.29 to resolve the issue.

How do I fix CVE-2024-43135 in WPCafe?

Upgrade the WPCafe plugin to version 2.2.29 or later. Consider temporary workarounds like WAF rules and file permission restrictions if immediate upgrade is not possible.

Is CVE-2024-43135 being actively exploited?

As of August 2024, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for future exploitation.

Where can I find the official WPCafe advisory for CVE-2024-43135?

Refer to the official WPCafe plugin website or WordPress plugin repository for the latest advisory and update information.

CVE-2024-43135 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2024-43135 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• wordpress / composer / npm:

grep -r "../" /var/www/html/wp-content/plugins/wpcafe/

• wordpress / composer / npm:

wp plugin list --status=inactive | grep wpcafe

• wordpress / composer / npm:

curl -I http://your-wordpress-site.com/wp-content/plugins/wpcafe/wp-cafe.php?page=../../../../etc/passwd | head -n 1

WordPress WPCafe plugin <= 2.2.28 - Local File Inclusion kwetsbaarheid

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2024-43135 — Path Traversal in WPCafe?

Am I affected by CVE-2024-43135 in WPCafe?

How do I fix CVE-2024-43135 in WPCafe?

Is CVE-2024-43135 being actively exploited?

Where can I find the official WPCafe advisory for CVE-2024-43135?

Pakketinformatie

Is jouw project getroffen?

Detecteer deze CVE in je project