CVE-2024-5637

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jun 7, 2024

Updated: Jun 11, 2024

CWE ID 22

Summary

CVE-2024-5637 is a vulnerability affecting the Market Exporter plugin for WordPress. This issue allows authenticated attackers, with Subscriber-level access and above, to bypass capability checks on the 'remove_files' function. Consequently, attackers can exploit path traversal vulnerabilities to delete arbitrary files residing on the vulnerable server. This can result in unauthorized data loss, posing a significant security risk for WordPress websites using the Market Exporter plugin, versions up to and including 2.0.19.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wRulz1
https://www.cve.org/CVERecord?id=CVE-2024-5637
https://nvd.nist.gov/vuln/detail/CVE-2024-5637

Back to Vulnerability Database

CVE-2024-5637

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations