Path Traversal Vulnerability in PluginsWare Advanced Classifieds & Directory Pro
CVE-2024-37501

8.5HIGH

Key Information:

Vendor: WordPress
Status: Advanced Classifieds & Directory Pro
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-37501?

The vulnerability in PluginsWare Advanced Classifieds & Directory Pro allows attackers to exploit an improper limitation of a pathname to a restricted directory, leading to potential unauthorized access to sensitive files. This issue impacts versions from n/a up to and including 3.1.3, enabling the possibility of local file inclusion attacks. Protection against such vulnerabilities is crucial for maintaining the integrity and security of web applications using this software.

Affected Version(s)

Advanced Classifieds & Directory Pro <= 3.1.3

References

https://patchstack.com/database/vulnerability/advanced-cl...

vdb-entry

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024

CVE-2024-37501 Data

JSON

WordPress

What is CVE-2024-37501?

Affected Version(s)

References

CVSS V3.1

Timeline