almosteffortless secure-files Plugin secure-files.php sf_downloads path traversal
CVE-2005-10002

9.8CRITICAL

Key Information:

Vendor

Wordpress
Status
secure-files Plugin
Vendor
CVE Published:
29 October 2023

What is CVE-2005-10002?

A vulnerability exists in the almosteffortless secure-files Plugin for WordPress, specifically in the sf_downloads function within secure-files.php. This vulnerability occurs due to improper handling of the downloadfile argument, allowing an attacker to exploit path traversal and access unintended files on the server. Users are strongly advised to update to version 1.2 or later, which resolves this issue with a specified patch. Regular updates and monitoring are essential to maintain security against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

secure-files Plugin 1.0

secure-files Plugin 1.1

References

https://vuldb.com/?id.243804
vdb-entrytechnical-description
https://vuldb.com/?ctiid.243804
signaturepermissions-required
https://github.com/wp-plugins/secure-files/commit/cab025e...
patch

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

VulDB GitHub Commit Analyzer
JSON
.