CVE-2024-12315

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 12, 2025

Updated: Feb 25, 2025

CWE ID 922

Summary

CVE-2024-12315 is a newly disclosed vulnerability affecting the Export All Posts, Products, Orders, Refunds & Users plugin for WordPress. This issue allows unauthenticated attackers to access sensitive data by exploiting a vulnerability in the exports directory. The directory, located in /wp-content/uploads/smack_uci_uploads/exports/, may contain exported user data and other sensitive information. Versions up to and including 2.9.3 are affected, and successful exploitation can lead to significant data breaches. It is recommended that users of this plugin upgrade to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1Uei-w
https://www.cve.org/CVERecord?id=CVE-2024-12315
https://nvd.nist.gov/vuln/detail/CVE-2024-12315

Back to Vulnerability Database

CVE-2024-12315

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations