Arbitrary File Inclusion Vulnerability in Penci Soledad Data Migrator plugin for WordPress
CVE-2024-3551

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Penci Soledad Data Migrator
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-3551?

The Penci Soledad Data Migrator plugin for WordPress is affected by a Local File Inclusion vulnerability that stems from the improper handling of the 'data' parameter. This flaw allows unauthenticated attackers to include and execute arbitrary files on the server, creating opportunities for executing any PHP code present in those files. The vulnerability poses serious risks, such as the ability to bypass access controls and potentially access sensitive data. Attackers could exploit this vulnerability through the manipulation of uploads to capture file paths, thus facilitating unauthorized code execution limited to PHP files.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Penci Soledad Data Migrator * <= 1.3.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/soledad-multiconcept-blogmag...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2024

JSON

WordPress

What is CVE-2024-3551?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.