Path Traversal Vulnerability in WP Timeline Plugin Allows PHP Local File Inclusion

CVE-2024-47324

7.5HIGH

Key Information

Vendor: Ex-themes
Status: WP Timeline – Vertical And Horizontal Timeline Plugin
Vendor: CVE Published:; 5 October 2024

Summary

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ex-Themes WP Timeline – Vertical and Horizontal timeline plugin allows PHP Local File Inclusion.This issue affects WP Timeline – Vertical and Horizontal timeline plugin: from n/a through 3.6.7.

Affected Version(s)

WP Timeline – Vertical and Horizontal timeline plugin <= 3.6.7

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 5, 2024
Vulnerability Reserved.
Sep 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

Bonds (Patchstack Alliance)