Local File Inclusion in CodeMShop WordPress Payment Plugin
CVE-2024-56281

7.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
7 January 2025

What is CVE-2024-56281?

The CodeMShop 워드프레스 결제 심플페이 plugin contains a vulnerability that allows attackers to exploit improper control of filename parameters leading to Local File Inclusion. This flaw can enable unauthorized access to sensitive files on the server, potentially leading to compromise of the web application. Affected versions include all prior to 5.2.0, necessitating immediate attention for users of this plugin to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Affected Version(s)

워드프레스 결제 심플페이 <= 5.2.0

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis (Patchstack Alliance)
.