The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary JavaScript files on the server, allowing the execution of any JavaScript code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
Mon, 09 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Softaculous
Softaculous fileorganizer Manage Wordpress And Website Files |
|
CPEs | cpe:2.3:a:softaculous:fileorganizer_manage_wordpress_and_website_files:*:*:*:*:*:*:*:* | |
Vendors & Products |
Softaculous
Softaculous fileorganizer Manage Wordpress And Website Files |
|
Metrics |
ssvc
|
Sat, 07 Dec 2024 09:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | |
Title | FileOrganizer <= 1.1.4 - Authenticated (Administrator+) Local JavaScript File Inclusion | |
Weaknesses | CWE-22 | |
References |
|
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-07T09:27:05.743Z
Updated: 2024-12-09T23:58:28.301Z
Reserved: 2024-11-08T00:40:26.083Z
Link: CVE-2024-11010
Vulnrichment
Updated: 2024-12-09T16:11:33.329Z
NVD
Status : Awaiting Analysis
Published: 2024-12-07T10:15:04.047
Modified: 2024-12-10T00:15:21.207
Link: CVE-2024-11010
Redhat
No data.