Path Traversal Vulnerability Affects SSV MailChimp
CVE-2024-49285

7.5HIGH

Key Information:

Vendor

WordPress
Status
Ssv Mailchimp
Vendor
CVE Published:
17 October 2024

What is CVE-2024-49285?

A Path Traversal vulnerability in Moridrin's SSV MailChimp plugin allows attackers to exploit improper limitations on file path names. This flaw grants unauthorized access to sensitive files via PHP Local File Inclusion, potentially compromising the security of affected installations. Users running SSV MailChimp versions up to and including 3.1.5 are susceptible to this vulnerability, making it crucial for site administrators to assess their security measures and update to secure versions.

Affected Version(s)

SSV MailChimp <= 3.1.5

References

https://patchstack.com/database/vulnerability/ssv-mailchi...
vdb-entry

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tahu.datar (Patchstack Alliance)
.
CVE-2024-49285 : Path Traversal Vulnerability Affects SSV MailChimp