The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Metrics
Affected Vendors & Products
References
History
Tue, 19 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vanquish user Extra Fields
|
|
CPEs | cpe:2.3:a:vanquish:user_extra_fields:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Vanquish user Extra Fields
|
Wed, 13 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vanquish
Vanquish wordpress User Extra Fields |
|
CPEs | cpe:2.3:a:vanquish:wordpress_user_extra_fields:*:*:*:*:*:*:*:* | |
Vendors & Products |
Vanquish
Vanquish wordpress User Extra Fields |
|
Metrics |
ssvc
|
Wed, 13 Nov 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | |
Title | WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-11-13T04:29:07.068Z
Updated: 2024-11-13T15:04:31.817Z
Reserved: 2024-11-12T15:42:56.770Z
Link: CVE-2024-11150
Vulnrichment
Updated: 2024-11-13T15:04:04.017Z
NVD
Status : Analyzed
Published: 2024-11-13T05:15:12.337
Modified: 2024-11-19T16:57:05.407
Link: CVE-2024-11150
Redhat
No data.