CVE-2024-9765

The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:lukashuser:ekc_tournament_manager:*:*:*:*:*:wordpress:*:*

History

28 May 2025, 15:40

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/c86157b0-43f3-4e82-9697-7dd9401b48d6/ - () https://wpscan.com/vulnerability/c86157b0-43f3-4e82-9697-7dd9401b48d6/ - Exploit, Third Party Advisory
First Time Lukashuser
Lukashuser ekc Tournament Manager
CPE cpe:2.3:a:lukashuser:ekc_tournament_manager:*:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo

16 May 2025, 21:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

16 May 2025, 14:42

Type Values Removed Values Added
Summary
  • (es) El complemento EKC Tournament Manager de WordPress anterior a la versión 2.2.2 permite que un administrador que haya iniciado sesión descargue archivos del sistema fuera del directorio de WordPress

15 May 2025, 20:16

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-15 20:16

Updated : 2025-05-28 15:40


NVD link : CVE-2024-9765

Mitre link : CVE-2024-9765

CVE.ORG link : CVE-2024-9765


JSON object : View

Products Affected

lukashuser

  • ekc_tournament_manager