Themes Vulnerabilities

CAS <= 1.0.0 - Unauthenticated Arbitrary File Access

Description

This plugin does not validate a path generated with user input when downloading files, allowing unauthenticated user to download arbitrary files from the server

Proof of Concept

Affects Themes

cas
No known fix

References

CVE
CVE-2024-4388

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
8.6 (high)

Miscellaneous

Original Researcher
Aly Khaled Aly Abd Al-aal
Submitter
Aly Khaled Aly Abd Al-aal
Submitter website
https://0x41ly.github.io/
Submitter twitter
Aly_Khal3d
Verified
Yes
WPVDB ID
5c791747-f60a-40a7-94fd-e4b9bb5ea2b0

Timeline

Publicly Published
2024-05-02 (about 1 year ago)
Added
2024-05-02 (about 1 year ago)
Last Updated
2024-05-02 (about 1 year ago)

Other

Published
Title
Published
2025-10-24
Title
Directorist: AI-Powered Business Directory Plugin with Classified Ads Listings < 8.4.9 - Authenticated (Subscriber+) Arbitrary File Move
Published
2025-02-12
Title
Campress <= 1.35 - Unauthenticated Local File Inclusion
Published
2025-07-01
Title
Vikinger < 1.9.33 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
Published
2014-08-01
Title
Ajax Pagination 1.1 - wp-admin/admin-ajax.php loop Parameter Local File Inclusion
Published
2015-03-03
Title
Authentic Theme - Arbitrary File Download