CVE-2024-35744 – WordPress Upunzipper plugin <= 1.0.0 - Arbitrary File Deletion vulnerability

https://notcve.org/view.php?id=CVE-2024-35744

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ravidhu Dissanayake Upunzipper allows Path Traversal, File Manipulation.This issue affects Upunzipper: from n/a through 1.0.0. La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en Ravidhu Dissanayake Upunzipper permite el Path Traversals y la manipulación de archivos. Este problema afecta a Upunzipper: desde n/a hasta 1.0.0. The Upunzipper plugin for WordPress is vulnerable to Arbitrary File Deletion in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files on the server which can lead to remote code execution. • https://patchstack.com/database/vulnerability/upunzipper/wordpress-upunzipper-plugin-1-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •