Arbitrary File Read Vulnerability in Music Sheet Viewer Plugin for WordPress
CVE-2024-13671

7.5HIGH

Key Information:

Vendor: WordPress
Status: Music Sheet Viewer
Vendor: CVE Published:; 30 January 2025

Summary

The Music Sheet Viewer plugin for WordPress is susceptible to an Arbitrary File Read vulnerability due to flaws in the read_score_file() function found in all versions up to and including 4.1. This vulnerability allows unauthenticated attackers to access and read sensitive files from the server, potentially exposing confidential information. It is imperative for users of the plugin to implement immediate security measures or upgrade to a secured version to mitigate risks.

Affected Version(s)

Music Sheet Viewer * <= 4.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/music-sheet-vi...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Peter Thaleikis