BuddyPress < 14.2.1 – Authenticated (Subscriber+) Directory Traversal | CVE 2024-10011 | Plugin Vulnerabilities

Description

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions. This vulnerability only affects Windows.

Affects Plugins

Fixed in 14.2.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Domons

Verified

No

WPVDB ID

7982f582-1a81-4d38-ba59-2f052fe4d7c7

Timeline

Publicly Published

2024-10-24 (about 1 year ago)

Added

2024-10-29 (about 1 year ago)

Last Updated

2024-10-29 (about 1 year ago)

Other

Published

Title

Published

2025-03-25

Title

Product Import Export for WooCommerce < 2.5.1 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function

Published

2015-08-24

Title

Multi Plugin Installer < 1.2.0 - Unauthenticated File Traversal

Published

2015-07-02

Title

MDC YouTube Downloader <= 2.1.0 - Local File Inclusion

Published

2025-05-21

Title

Hot Random Image < 1.9.3 - Path Traversal to Authenticated (Contributor+) Limited Arbitrary Image Access via path Parameter

Published

2025-08-26

Title

WooCommerce csv import export < 2.0.7 - Authenticated (Subscriber+) Arbitrary File Deletion