Sensitive Information Exposure Vulnerability Affects FileOrganizer Plugin
CVE-2024-5599

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Fileorganizer – Manage WordPress And Website Files
Vendor: CVE Published:; 7 June 2024

Summary

The FileOrganizer plugin for WordPress has a vulnerability that allows unauthenticated attackers to access sensitive data, such as backups or other important files. This exposure arises from the 'fileorganizer_ajax_handler' function, which does not adequately protect files moved to the built-in Trash folder. Consequently, if files containing sensitive information are not properly secured, they may be retrieved by malicious actors, leading to potential data breaches.

Affected Version(s)

FileOrganizer – Manage WordPress and Website Files * <= 1.0.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/fileorganizer/...

https://plugins.trac.wordpress.org/changeset/3098763/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 7, 2024
Vulnerability Reserved
Jun 3, 2024

Credit

emad