Path Traversal Vulnerability in Droip Allows File Manipulation
CVE-2024-43955
7.5 HIGH
Summary
A vulnerability in Themeum's Droip plugin, classified as an improper limitation of a pathname to a restricted directory (path traversal), allows unauthorized users to manipulate files on the server. The flaw lets attackers reach files that should be restricted, posing a significant risk to the security of affected sites. Sites running Droip versions up to and including 1.1.1 are affected: the flaw may lead to unauthorized file download and deletion, jeopardizing user data and site functionality.
Affected Version(s)
Droip <= 1.1.1
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability reserved
Credit
Dave Jong (Patchstack)