CVE-2024-12209

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 8, 2024
CWE ID 98

Summary

CVE-2024-12209: The WP Umbrella plugin for WordPress contains a Local File Inclusion vulnerability in all versions up to and including 2.17.0 (that is, before version 2.17.1). The flaw can be exploited through the 'filename' parameter of the 'umbrella-restore' action. Unauthenticated attackers can include and execute arbitrary files on the server, leading to potential data breaches, access control bypasses, and code execution. The vulnerability poses a significant threat, particularly where images and other seemingly safe file types can be uploaded and then included.

Affected Products

  • WP Umbrella Plugin

Affected Vendors

  • WP Umbrella