Path Traversal Vulnerability Allows PHP Local File Inclusion in WPCafe
CVE-2024-43135

8.8HIGH

Key Information:

Vendor: WordPress
Status: WPcafe
Vendor: CVE Published:; 13 August 2024

Summary

A Path Traversal vulnerability in Themewinter's WPCafe plugin affects versions up to 2.2.28, allowing attackers to exploit improper restrictions on directory paths. This security flaw enables unauthorized access to files on the server through PHP Local File Inclusion, potentially compromising sensitive data and system integrity. Timely patching and remediation are essential to mitigate these security risks associated with the WPCafe plugin.

Affected Version(s)

WPCafe <= 2.2.28

References

https://patchstack.com/database/vulnerability/wp-cafe/wor...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Aug 7, 2024

Credit

João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)