SellKit < 1.8.3 – Authenticated (Subscriber+) Arbitrary File Download | CVE 2024-30509 | Plugin Vulnerabilities

Description

The SellKit – Funnel builder and checkout optimizer for WooCommerce to sell more, faster plugin for WordPress is vulnerable to arbitrary file downloads in all versions up to, and including, 1.8.1. This is due to insufficient file validation in the handle_file_download function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download arbitrary files.

Affects Plugins

Fixed in 1.8.3

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/21bc2595-0760-42a6-b11b-3f7609223d8b

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

stealthcopter

Verified

No

WPVDB ID

e2f26e36-6924-4478-b2d6-6d6301cde7c2

Timeline

Publicly Published

2024-03-28 (about 2 years ago)

Added

2024-04-03 (about 2 years ago)

Last Updated

2024-04-03 (about 2 years ago)

Other

Published

Title

Published

2025-07-31

Title

BuddyPress XProfile Custom Image Field < 3.1.0 - Unauthenticated Arbitrary File Deletion

Published

2025-10-15

Title

Barcode Scanner with Inventory & Order Manager < 1.10.5 - Authenticated (Shop Manager+) Directory Traversal

Published

2015-04-13

Title

WP Mobile Edition < 2.3 - Remote File Disclosure

Published

2025-04-17

Title

Avatar <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion

Published

2015-07-10

Title

IBS Mappro < 1.0 - Directory Traversal