CVE-2024-10708

CVSS 3.1 Score 4.9 of 10 (medium)

Details

Published Dec 10, 2024

Summary

CVE-2024-10708 is a newly disclosed vulnerability affecting the System Dashboard plugin for WordPress. This issue stems from the plugin's failure to validate user input used in a file path. An attacker who has obtained high privilege access, such as admin rights, could exploit this vulnerability to perform path traversal attacks. Successful exploitation enables the attacker to read arbitrary files on the affected server, posing a significant risk to sensitive data. It is crucial for WordPress users to update their System Dashboard plugin to version 2.8.15 or higher to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share