Lucene search
HistoryMay 17, 2024 - 9:15 a.m.
CVE-2024-27954
wp automatic
path traversal
security vulnerability
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
9.3
Confidence
High
EPSS
0.001
Percentile
21.4%
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in WP Automatic Automatic allows Path Traversal, Server Side Request Forgery.This issue affects Automatic: from n/a through 3.92.0.
Related
vulnrichment
vulnrichment
cvelist
cvelist
wpvulndb
wpvulndb
cve
cve
CVE-2024-27954
2024-05-17 09:15:26
nuclei
nuclei
WordPress Automatic Plugin <3.92.1 - Arbitrary File Download and SSRF
2024-03-22 15:33:04
wordfence
wordfence
CVSS3
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
AI Score
9.3
Confidence
High
EPSS
0.001
Percentile
21.4%
Related for NVD:CVE-2024-27954