Directory Traversal Flaw in Media File Organizer Plugin for WordPress
CVE-2020-24144

8.6HIGH

Key Information:

Vendor
Wordpress
Status
Media File Organizer
Vendor
CVE Published:
7 July 2021

Summary

The Media File Organizer plugin version 1.0.1 for WordPress contains a directory traversal vulnerability that allows attackers to gain unauthorized access to files stored outside the web root directory. This can be exploited through the items[] parameter during a move operation, potentially exposing sensitive information stored on the server.

References

https://ru.wordpress.org/plugins/media-file-organizer/
x_refsource_MISC
https://github.com/secwx/research/blob/main/cve/CVE-2020-...
x_refsource_MISC

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.