CVE-2024-7135
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jul 31, 2024
CWE ID 862
Summary
CVE-2024-7135 is a vulnerability affecting the Tainacan plugin for WordPress. The issue lies in the 'get_file' function, which lacks necessary capability checks. This flaw permits authenticated attackers with Subscriber-level access or higher to gain unauthorized access to data and read arbitrary files on the server. Additionally, the function is susceptible to directory traversal, exacerbating the risk of sensitive information exposure.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share