CVE-2024-9669

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 28, 2024
CWE ID 22

Summary

CVE-2024-9669 is a vulnerability affecting the File Manager Pro – Filester plugin for WordPress. This issue allows authenticated attackers with Administrator-level access to include and execute arbitrary files on the server through the 'fm_locale' parameter. By exploiting this Local JavaScript File Inclusion vulnerability, attackers can bypass access controls, obtain sensitive data, or achieve code execution. The vulnerability was only partially patched in version 1.8.5, leaving systems running older versions at risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share