CVE-2024-12209
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-12209: The WP Umbrella plugin for WordPress contains a Local File Inclusion vulnerability in all versions up to and including 2.17.0 (that is, before version 2.17.1). The flaw is reachable through the 'filename' parameter of the 'umbrella-restore' action. Unauthenticated attackers can include and execute arbitrary files on the server, which can lead to data breaches, access control bypasses, and code execution. The threat is particularly significant where images and other seemingly safe file types can be uploaded and then included.
Affected Products
- WP Umbrella Plugin
Affected Vendors
- WP Umbrella