WordPress Plugin Vulnerabilities

Product Input Fields for WooCommerce < 2.0 - Contributor+ Arbitrary File Read

Description

The plugin is vulnerable to Directory Traversal via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Affects Plugins

Plugin icon
product-input-fields-for-woocommerce
Fixed in 2.0

References

CVE
CVE-2024-10857
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e45207af-3886-4d95-9cd8-5ecdc683dc58

Classification

Type
TRAVERSAL
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.9 (medium)

Miscellaneous

Original Researcher
1337_Wannabe
Verified
No
WPVDB ID
2b29747c-f31a-4979-8906-8845f751b0e8

Timeline

Publicly Published
2024-11-25 (about 1 year ago)
Added
2024-12-02 (about 1 year ago)
Last Updated
2024-12-02 (about 1 year ago)

Other

Published
Title
Published
2022-10-28
Title
Ultimate Member < 2.5.1 - Admin+ RCE
Published
2023-02-28
Title
GMace <= 1.5.2 - Admin+ Path Traversal
Published
2023-11-13
Title
Frontend File Manager < 22.7 - Editor+ Arbitrary File Download
Published
2023-05-16
Title
WP < 6.2.1 - Directory Traversal via Translation Files
Published
2019-07-12
Title
Ad Inserter <= 2.4.19 - Authenticated Path Traversal