Mailster Vulnerable to Path Traversal Attack
CVE-2024-32523
8.1 HIGH
Summary
The EverPress Mailster plugin is susceptible to a Path Traversal vulnerability that can lead to PHP Local File Inclusion. The flaw arises from improper validation of input, which allows an attacker to manipulate directory paths and access sensitive files on the server. The vulnerability affects Mailster versions up to and including 4.0.6. Proper file path validation should be implemented to mitigate potential exploitation.
Affected Version(s)
Mailster <= 4.0.6
References
EPSS Score
16% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)