Unauthorized File Access via Download_Log Function in Social Media Auto Post
CVE-2024-8352

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Social Web Suite – Social Media Auto Post, Social Media Auto Publish
Vendor: CVE Published:; 3 October 2024

What is CVE-2024-8352?

The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to a Directory Traversal issue. This vulnerability affects all versions up to and including 4.1.11 through the download_log function. By exploiting this flaw, unauthenticated attackers can access and read arbitrary files stored on the server, which may contain sensitive data. Proper scrutiny and timely updates are essential to mitigate potential risks associated with this security gap.

Affected Version(s)

Social Web Suite – Social Media Auto Post, Social Media Auto Publish * <= 4.1.11

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/social-web-sui...

https://plugins.trac.wordpress.org/changeset/3155593/soci...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2024
Vulnerability Reserved
Aug 30, 2024

Credit

Thanh Nam Tran

JSON

Wordpress

What is CVE-2024-8352?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit