CVE-2024-12849

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 7, 2025
CWE ID 22

Summary

CVE-2024-12849 is a newly discovered arbitrary file read vulnerability (CWE-22) in the Error Log Viewer By WP Guru plugin for WordPress. The flaw is in the wp_ajax_nopriv_elvwp_log_download AJAX action, which can be called without authentication. Unauthenticated attackers can use it to read the contents of arbitrary files on the server, potentially exposing sensitive information. All versions of the plugin up to and including 1.0.1.3 are affected. Update to the latest version or apply the necessary patches immediately to mitigate this risk.
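To check whether the action has been requested on a site, the following added example (not code from the plugin or from this advisory) scans web server access logs in Combined Log Format for admin-ajax.php requests carrying action=elvwp_log_download and marks those whose parameters contain path traversal markers. The log lines are constructed, and the parameter name "placeholder" is a stand-in, not the plugin's real parameter.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# WordPress routes the hook wp_ajax_nopriv_<name> to admin-ajax.php?action=<name>.
ACTION = "elvwp_log_download"
ENDPOINT = "/wp-admin/admin-ajax.php"
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# CWE-22 markers: parent-directory steps, absolute POSIX or Windows paths.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]|^/|^[A-Za-z]:[/\\]")

# Constructed sample lines. "placeholder" is a stand-in parameter name,
# not the plugin's real one; the addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2025:10:00:01 +0000] '
    '"GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 58',
    '198.51.100.7 - - [08/Jan/2025:10:00:05 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=elvwp_log_download&placeholder=..%252F..%252Fexample.txt HTTP/1.1" 200 3120',
    '198.51.100.7 - - [08/Jan/2025:10:00:09 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=elvwp_log_download&placeholder=log-2025-01-08.log HTTP/1.1" 200 811',
    '192.0.2.10 - - [08/Jan/2025:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

def scan(lines):
    """Return one record per logged request that reaches the vulnerable action."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        url = urlsplit(target)
        params = parse_qsl(url.query, keep_blank_values=True)
        if not url.path.endswith(ENDPOINT) or ("action", ACTION) not in params:
            continue
        # parse_qsl decodes once; unquote again to catch double encoding.
        traversal = any(TRAVERSAL_RE.search(unquote(v))
                        for k, v in params if k != "action")
        hits.append({"ip": ip, "time": when, "method": method,
                     "status": int(status), "traversal": traversal})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so requests that send the action in a POST body will not appear here and need WAF or application-level logging to be seen.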
