CVE-2024-9669
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Nov 28, 2024
CWE ID 22
Summary
CVE-2024-9669 is a vulnerability affecting the File Manager Pro – Filester plugin for WordPress. This issue allows authenticated attackers with Administrator-level access to include and execute arbitrary files on the server through the 'fm_locale' parameter. By exploiting this Local JavaScript File Inclusion vulnerability, attackers can bypass access controls, obtain sensitive data, or achieve code execution. The vulnerability was only partially patched in version 1.8.5, leaving systems running older versions at risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share