Path Traversal Vulnerability Affects EmbedPress
CVE-2024-43328

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Embedpress
Vendor: CVE Published:; 19 August 2024

Summary

A Path Traversal vulnerability exists in the EmbedPress plugin by WPDeveloper, enabling attackers to access restricted directories through improper limitations on file paths. This vulnerability can lead to PHP Local File Inclusion, posing significant security risks to impacted installations. The issue affects all versions of EmbedPress from its initial release up to 4.0.9, allowing for potential unauthorized access to sensitive files on the server.

Affected Version(s)

EmbedPress <= 4.0.9

References

https://patchstack.com/database/vulnerability/embedpress/...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 19, 2024

Credit

Rafie Muhammad (Patchstack)