Social Share Buttons for WordPress <= 2.7 – Unauthenticated Image Upload & Path Traversal | CVE 2024-13117 | Plugin Vulnerabilities

Description

The plugin allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded

Proof of Concept

1. Go to https://example.com/wp-content/plugins/share-buttons/upload/
2. Upload an image
3. It will be accessible at https://example.com/wp-content/plugins/share-buttons/upload/uploads/
4. Alternatively, if you intercept the request in Burp Suite (or create a form that posts to the endpoint), you can manipulate the `relPath` parameter to upload to other directories on the web server

Affects Plugins

No known fix

References

CVE

Classification

Type

TRAVERSAL

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Bob Matyas

Submitter

Bob Matyas

Submitter website

https://www.bobmatyas.com

Submitter twitter

Verified

Yes

WPVDB ID

3234cdac-f328-4f1e-a1de-31fbd86aefb9

Timeline

Publicly Published

2025-01-06 (about 1 year ago)

Added

2025-01-06 (about 1 year ago)

Last Updated

2025-01-06 (about 1 year ago)

Other

Published

Title

Published

2024-11-25

Title

Product Input Fields for WooCommerce < 2.0 - Contributor+ Arbitrary File Read

Published

2021-08-23

Title

OMGF < 4.5.4 - Unauthenticated Path Traversal in REST API

Published

2017-10-20

Title

Multiple Plugins - jQueryFileTree - Unauthenticated Path Traversal

Published

2023-03-20

Title

All-In-One Security (AIOS) < 5.1.5 - Admin+ Arbitrary File/Folder Access via Traversal

Published

2022-03-01

Title

Folders Disclosure via Outdated jQueryFileTree Library