VDB
CVE-2024-9047
CVE-2024-9047
PUBLISHED
CVSS 9.800000190734863 CRITICAL
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
EPSS 93.62% · 99.8th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
93.62%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| iptanus | wordpress_file_upload | 0 |
| nickboss | WordPress File Upload | * |
| iptanus | wordpress_file_upload | 0 |
Exploit Intelligence
- Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable. (github-poc-repo)
- Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable. (github-poc-repo)
- Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable. (github-poc-repo)
- Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable. (github-poc-repo)
- Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable. (github-poc-repo)
- CVE-2024-9047, wfu_file_downloader.php (github-poc-repo)
- CVE-2024-9047, wfu_file_downloader.php (github-poc-repo)
- CVE-2024-9047, wfu_file_downloader.php (github-poc-repo)
- CVE-2024-9047, wfu_file_downloader.php (github-poc-repo)
- CVE-2024-9047, wfu_file_downloader.php (github-poc-repo)
…and 71 more exploits
Timeline
- Oct 12, 2024 CVE Published
- Oct 13, 2024 EPSS Score
- Oct 14, 2024 Coalition ESS Score
- Oct 16, 2024 Coalition ESS Score
- Nov 1, 2024 EPSS Score
- Nov 29, 2024 Coalition ESS Score
- Dec 9, 2024 EPSS Score
- Dec 28, 2024 EPSS Score
- Jan 27, 2025 EPSS Score
- Feb 3, 2025 EPSS Score
- Mar 13, 2025 EPSS Score
- Mar 17, 2025 EPSS Score