CVE-2024-9047

Summary

CVE-2024-9047 is a newly disclosed vulnerability affecting the WordPress File Upload plugin up to version 4.24.11. This issue allows unauthenticated attackers to perform Path Traversal attacks on targeted WordPress installations using the wfu_file_downloader.php file. By exploiting this vulnerability, attackers can read or delete files outside of the originally intended directory, posing a significant security risk. The exploit is successful only when the targeted WordPress installation is using PHP 7.4 or earlier versions. It is crucial for WordPress users to update their plugins to the latest version as soon as possible to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.