Improper Limitation of a Pathname Leads to PHP Local File Inclusion Vulnerability in WP Timeline
CVE-2024-47323
8.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 5 October 2024
What is CVE-2024-47323?
The WP Timeline – Vertical and Horizontal Timeline Plugin developed by Ex-Themes contains a vulnerability characterized by improper limitation of a pathname to a restricted directory, known as Path Traversal. This flaw enables attackers to exploit PHP Local File Inclusion, facilitating unauthorized access to the server's filesystem. All versions up to and including 3.6.7 are affected, exposing users to potential risks such as data leakage or further attacks due to insecure configurations. Immediate action is advised to secure installations against this vulnerability.
Affected Version(s)
WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7