CVE-2024-7135

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 31, 2024
CWE ID 862

Summary

CVE-2024-7135 is a vulnerability affecting the Tainacan plugin for WordPress. The issue lies in the 'get_file' function, which lacks necessary capability checks. This flaw permits authenticated attackers with Subscriber-level access or higher to gain unauthorized access to data and read arbitrary files on the server. Additionally, the function is susceptible to directory traversal, exacerbating the risk of sensitive information exposure.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share