CVE-2024-11289

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 6, 2024
CWE ID 98

Summary

CVE-2024-11289 is a local file inclusion vulnerability affecting the Soledad theme for WordPress. Versions up to 8.5.9 are susceptible to this issue, which can be exploited through several functions such as penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This vulnerability allows unauthenticated attackers to include and execute PHP files on the server, potentially granting access to sensitive data or enabling code execution. The exploitability of this vulnerability is limited to Windows systems. Successful exploitation could lead to significant security risks, including bypassing access controls and achieving unauthorized code execution. Users of the Soledad theme for WordPress are encouraged to update to the latest version to mitigate this threat.
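To act on the update advice, the check below reads the theme header in each style.css under a WordPress themes directory and flags Soledad installs (and child themes built on them) at or below 8.5.9. It is an added example, not code from the advisory or the theme vendor. It assumes the theme identifies itself as "Soledad" in its header, that "up to 8.5.9" is inclusive, and a default path of wp-content/themes.

```python
import re
import sys
from pathlib import Path

# "Versions up to 8.5.9" is read as inclusive here (assumption).
LAST_AFFECTED = (8, 5, 9)
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Theme Name|Version|Template):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_style_header(text):
    """Extract theme header fields from the top of a style.css file."""
    fields = {}
    for key, value in HEADER_RE.findall(text[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_tuple(version):
    """'8.5.9' -> (8, 5, 9); stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)

def is_affected(version):
    """True when the version is at or below the last affected release."""
    parsed = version_tuple(version)
    return not parsed or parsed <= LAST_AFFECTED  # unparseable: flag for review

def scan_themes(themes_dir):
    """Return (theme_dir, version, affected) for Soledad and child themes built on it."""
    headers = {css.parent.name: parse_style_header(css.read_text(errors="replace"))
               for css in sorted(Path(themes_dir).glob("*/style.css"))}
    findings = []
    for name, hdr in headers.items():
        # A child theme names its parent directory in the Template field.
        parent = headers.get(hdr.get("template", ""), hdr)
        if parent.get("theme name", "").lower() != "soledad":
            continue
        version = parent.get("version", "")
        findings.append((name, version, is_affected(version)))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"  # assumed default
    for name, version, affected in scan_themes(target):
        print(f"{name}: Soledad {version or 'unknown'} ->",
              "AFFECTED (CVE-2024-11289)" if affected else "newer than 8.5.9")
```

A child theme is reported with its parent's version, because the parent's code is what the server runs.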
