CVE-2024-50509
WordPress Woocommerce Product Design plugin <= 1.0.0 - Arbitrary File Deletion vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design allows Path Traversal.This issue affects Woocommerce Product Design: from n/a through 1.0.0.
La vulnerabilidad de limitaciĆ³n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Chetan Khandla Woocommerce Product Design permite Path Traversal. Este problema afecta a Woocommerce Product Design: desde n/a hasta 1.0.0.
The Woocommerce Product Design plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-10-24 CVE Reserved
- 2024-10-28 CVE Published
- 2024-10-31 EPSS Updated
- 2024-12-12 CVE Updated
- 2024-12-17 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
- CAPEC-126: Path Traversal
References (2)
URL | Tag | Source |
---|---|---|
https://patchstack.com/database/vulnerability/woo-product-design/wordpress-woocommerce-product-design-plugin-1-0-0-arbitrary-file-deletion-vulnerability?_s_id=cve | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://github.com/RandomRobbieBF/CVE-2024-50509 | 2024-12-17 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Woo Product Design Search vendor "Woo Product Design" | Woo Product Design Search vendor "Woo Product Design" for product "Woo Product Design" | >= 0.0.0 <= 1.0.0 Search vendor "Woo Product Design" for product "Woo Product Design" and version " >= 0.0.0 <= 1.0.0" | en |
Affected
|