CVE-2024-10708
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Summary
CVE-2024-10708 is a newly disclosed vulnerability affecting the System Dashboard plugin for WordPress. This issue stems from the plugin's failure to validate user input used in a file path. An attacker who has obtained high privilege access, such as admin rights, could exploit this vulnerability to perform path traversal attacks. Successful exploitation enables the attacker to read arbitrary files on the affected server, posing a significant risk to sensitive data. It is crucial for WordPress users to update their System Dashboard plugin to version 2.8.15 or higher to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.