almosteffortless secure-files Plugin secure-files.php sf_downloads path traversal
CVE-2005-10002

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: secure-files Plugin
Vendor: CVE Published:; 29 October 2023

What is CVE-2005-10002?

A vulnerability exists in the almosteffortless secure-files Plugin for WordPress, specifically in the sf_downloads function within secure-files.php. This vulnerability occurs due to improper handling of the downloadfile argument, allowing an attacker to exploit path traversal and access unintended files on the server. Users are strongly advised to update to version 1.2 or later, which resolves this issue with a specified patch. Regular updates and monitoring are essential to maintain security against such vulnerabilities.

Affected Version(s)

secure-files Plugin 1.0

secure-files Plugin 1.1

References

https://vuldb.com/?id.243804

vdb-entrytechnical-description

https://vuldb.com/?ctiid.243804

signaturepermissions-required

https://github.com/wp-plugins/secure-files/commit/cab025e...

patch

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2023
Vulnerability Reserved
Oct 28, 2023

Credit

VulDB GitHub Commit Analyzer

Wordpress

What is CVE-2005-10002?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit