CVE-2024-39651
CVSS 3.1 Score 8.6 of 10 (high)
Details
Published Aug 13, 2024
CWE ID 22
Summary
CVE-2024-39651 is a newly disclosed path traversal vulnerability affecting the WPWeb WooCommerce PDF Vouchers plugin. This issue permits unauthorized file manipulation by exploiting improper limitations on file pathnames, allowing attackers to navigate outside of the intended directory. The vulnerability exists in versions prior to 4.9.5 of the plugin and could potentially lead to serious data breaches or system compromises. Users are strongly advised to update to the latest version of WPWeb WooCommerce PDF Vouchers as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share