The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
History

Tue, 19 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Vanquish user Extra Fields
CPEs cpe:2.3:a:vanquish:user_extra_fields:*:*:*:*:*:wordpress:*:*
Vendors & Products Vanquish user Extra Fields

Wed, 13 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Vanquish
Vanquish wordpress User Extra Fields
CPEs cpe:2.3:a:vanquish:wordpress_user_extra_fields:*:*:*:*:*:*:*:*
Vendors & Products Vanquish
Vanquish wordpress User Extra Fields
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 04:45:00 +0000

Type Values Removed Values Added
Description The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Title WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-11-13T04:29:07.068Z

Updated: 2024-11-13T15:04:31.817Z

Reserved: 2024-11-12T15:42:56.770Z

Link: CVE-2024-11150

cve-icon Vulnrichment

Updated: 2024-11-13T15:04:04.017Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-13T05:15:12.337

Modified: 2024-11-19T16:57:05.407

Link: CVE-2024-11150

cve-icon Redhat

No data.