The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.
References
Configurations
History
21 Nov 2024, 09:48
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
References | () https://plugins.trac.wordpress.org/browser/market-exporter/trunk/includes/class-restapi.php#L427 - Product | |
References | () https://plugins.trac.wordpress.org/changeset/3098360/market-exporter/trunk/includes/class-restapi.php - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ea4bf9-e109-465e-890a-c2923089fb66?source=cve - Third Party Advisory |
11 Jun 2024, 18:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://plugins.trac.wordpress.org/browser/market-exporter/trunk/includes/class-restapi.php#L427 - Product | |
References | () https://plugins.trac.wordpress.org/changeset/3098360/market-exporter/trunk/includes/class-restapi.php - Patch | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/c3ea4bf9-e109-465e-890a-c2923089fb66?source=cve - Third Party Advisory | |
First Time |
Vanyukov
Vanyukov market Exporter |
|
CPE | cpe:2.3:a:vanyukov:market_exporter:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
07 Jun 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-07 11:15
Updated : 2024-11-21 09:48
NVD link : CVE-2024-5637
Mitre link : CVE-2024-5637
CVE.ORG link : CVE-2024-5637
JSON object : View
Products Affected
vanyukov
- market_exporter
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')