Remote Code Execution and File Manipulation in WordPress File Upload Plugin
CVE-2024-11613
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 8 January 2025
What is CVE-2024-11613?
CVE-2024-11613 is a critical vulnerability in the WordPress File Upload plugin developed by Nickboss, a plugin widely used on WordPress sites to let visitors upload files. It allows unauthenticated attackers to execute code remotely on the server because input parameters, particularly in the file handling component, are not properly sanitized. Exploitation can cause severe disruption for affected organizations and compromise both the integrity and the confidentiality of their data.
Technical Details
The vulnerability exists in all versions of the WordPress File Upload plugin up to and including version 4.24.15. It is triggered through the wfu_file_downloader.php file, which does not adequately validate the 'source' parameter, allowing attackers to define arbitrary directory paths. This flaw not only enables the execution of malicious code on impacted servers but also facilitates arbitrary file reading and deletion, resulting in further security risks.
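The root cause described above is a directory parameter that is used without being confined to the plugin's own storage area. The following PHP snippet is an added illustrative example, not code from the WordPress File Upload plugin or its actual fix: it shows the general pattern for canonicalising a user-supplied 'source' value with realpath() and rejecting anything that resolves outside a fixed base directory. The base directory path and the function name wfu_example_resolve_source are assumptions made for this example.

```php
<?php
// Added example (not the plugin's code): confine a user-supplied directory
// parameter to a fixed base directory before any file is read, served or deleted.
// The base directory and the function name are assumptions for this example.

/**
 * Resolve $source relative to $base_dir and return the canonical absolute path,
 * or null if it is malformed, does not exist, or escapes $base_dir.
 */
function wfu_example_resolve_source(string $base_dir, string $source): ?string {
    $base = realpath($base_dir);
    if ($base === false) {
        return null; // base directory itself is missing or unreadable
    }
    // Reject empty values, null bytes and absolute paths outright; a legitimate
    // relative 'source' value never contains them.
    if ($source === ''
        || strpos($source, "\0") !== false
        || $source[0] === '/'
        || $source[0] === '\\') {
        return null;
    }
    // Canonicalise: realpath() collapses "../" segments and resolves symlinks,
    // so the containment check below runs on the real filesystem location.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $source);
    if ($candidate === false) {
        return null; // path does not exist
    }
    // Containment check: the resolved path must be $base itself or live under it.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $base && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null; // escaped the base directory (e.g. via "../")
    }
    return $candidate;
}

// Usage: only ever act on the validated path, never on the raw parameter.
$upload_base = '/var/www/html/wp-content/uploads/example-uploads'; // assumed base directory
$source = isset($_GET['source']) ? (string) $_GET['source'] : '';
$dir = wfu_example_resolve_source($upload_base, $source);
if ($dir === null) {
    http_response_code(400);
    exit('Invalid source directory');
}
// ... read, serve or delete files from $dir only
```

The important detail is that the containment check is performed on the output of realpath(), not on the raw string: a check that merely looks for "../" in the input can be bypassed by encodings or symlinks, whereas comparing the canonical path against the base directory prefix reflects where the file actually lives. In a real WordPress plugin the base directory would normally come from wp_upload_dir() rather than a hard-coded path.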
Potential impact of CVE-2024-11613
- Remote Code Execution: Attackers can run arbitrary code on compromised servers, leading to full control over the hosting environment and potential installation of additional malicious payloads.
- Data Loss and Manipulation: The ability to read and delete files can result in significant data loss. Sensitive files may be compromised, adversely affecting business operations and data integrity.
- Reputational Damage: An organization exposed to such vulnerabilities may suffer a loss of trust among users and customers, potentially leading to long-term repercussions for its reputation and client retention.
Affected Version(s)
WordPress File Upload * <= 4.24.15
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
CVE-2024-11613 Description, Impact and Technical Details
CVE-2024-11613 is a critical vulnerability affecting the WordPress File Upload plugin. The issue lies in the 'wfu_file_downloader.php' file, where the…
1 month ago

WordPress Plugin Security Update Advisory (CVE-2024-11613) - ASEC
Overview We have released a security update to address a vulnerability in the WordPress File Upload plugin. Users of affected products are advised to update to the latest version. Affected Products CVE-2024-11613 WordPress File Upload Version: ~4.24.15 (inclusive) Resolved Vulnerabilities Rem...
EPSS Score
62% chance of being exploited in the next 30 days.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- 📰 First article discovered by AhnLab
- Vulnerability published
- Vulnerability reserved