CVE-2024-12861

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 30, 2025

Updated: Jan 31, 2025

CWE ID 73

Summary

CVE-2024-12861 is a vulnerability affecting the W2S – Migrate WooCommerce to Shopify plugin for WordPress. This issue allows authenticated attackers with Subscriber-level access and above to arbitrarily read files on the server through the 'viw2s_view_log' AJAX action. The vulnerability puts sensitive information at risk, as the contents of arbitrary files can be accessed. Versions up to and including 1.2.1 of the plugin are vulnerable. Users are strongly urged to update the plugin to a secure version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/1x9sqH
https://www.cve.org/CVERecord?id=CVE-2024-12861
https://nvd.nist.gov/vuln/detail/CVE-2024-12861

Back to Vulnerability Database

CVE-2024-12861

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations