Improper Limitation of a Pathname Leads to PHP Local File Inclusion Vulnerability in WP Timeline
CVE-2024-47323

8.1HIGH

Key Information:

Vendor: WordPress
Status: WP Timeline – Vertical And Horizontal Timeline Plugin
Vendor: CVE Published:; 5 October 2024

Summary

The WP Timeline – Vertical and Horizontal Timeline Plugin developed by Ex-Themes contains a vulnerability characterized by improper limitation of a pathname to a restricted directory, known as Path Traversal. This flaw enables attackers to exploit PHP Local File Inclusion, facilitating unauthorized access to the server's filesystem. All versions up to and including 3.6.7 are affected, exposing users to potential risks such as data leakage or further attacks due to insecure configurations. Immediate action is advised to secure installations against this vulnerability.

Affected Version(s)

WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7

References

https://patchstack.com/database/vulnerability/wp-timeline...

vdb-entry

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 5, 2024
Vulnerability Reserved
Sep 24, 2024

Credit

Bonds (Patchstack Alliance)