Path Traversal Vulnerability Affects Animated Number Counters
CVE-2024-43957
8.8 HIGH
Key Information:
- Vendor: Sk. Abul Hasan
- Status
- Animated Number Counters
- Vendor
- CVE Published: 29 August 2024
Summary
The Animated Number Counters plugin for WordPress by Sk. Abul Hasan improperly limits a pathname (path traversal), which can result in PHP Local File Inclusion. The flaw enables attackers to access sensitive files on the server, posing a significant risk to website security. It affects all versions up to and including 1.9, so installations using this plugin need immediate attention.
Affected Version(s)
Animated Number Counters <= 1.9
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro Soares de Alcântara - Kinorth (Patchstack Alliance)