CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-11613

Critical Severity
SVRS
84/100
CVSSv3
9.8/10
EPSS
0.68219/1

CVE-2024-11613 is a critical vulnerability in the WordPress File Upload plugin, allowing unauthenticated remote code execution. This arbitrary file vulnerability affects versions up to 4.24.15, stemming from insufficient sanitization of the 'source' parameter in 'wfu_file_downloader.php', enabling attackers to manipulate directory paths. SOCRadar's Vulnerability Risk Score (SVRS) for this CVE is 84, indicating a critical risk and requiring immediate attention. Due to active exploits being available "In The Wild," successful exploitation could lead to complete system compromise. Attackers can read, delete, or execute code, causing significant damage. The existence of active exploits further elevates the urgency for patching or mitigating this security flaw. This vulnerability poses a substantial threat to WordPress websites using the affected plugin.

TAGS
In The Wild
Exploit Avaliable
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2025-01-08
LAST MODIFIED2025-04-17
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-11613 affects the WordPress File Upload plugin, specifically versions up to and including 4.24.15. This vulnerability allows attackers to execute arbitrary code, read files, and delete files on the server, making it a critical security risk. While the CVSS score is 9.8, indicating high severity, the SVRS (SOCRadar Vulnerability Risk Score) is 30, indicating a moderate risk. This discrepancy could be attributed to factors like the prevalence of the vulnerability in the wild, the availability of exploits, and the potential impact on affected systems.

Key Insights

  • Unauthenticated Remote Code Execution: The vulnerability allows unauthenticated attackers to execute arbitrary code on the server. This means that even without any login credentials, attackers can gain control of the affected WordPress site.
  • File Manipulation: Attackers can exploit this vulnerability to read and delete arbitrary files on the server. This could allow them to steal sensitive data or disrupt website functionality.
  • Exploits Available: Active exploits have been published, making it easier for attackers to exploit this vulnerability. This necessitates immediate action to patch the affected systems.
  • In The Wild: The CVE has been reported as being actively exploited "In The Wild", meaning that attackers are currently using this vulnerability in real-world attacks.

Mitigation Strategies

  • Update the WordPress File Upload Plugin: The most effective mitigation strategy is to update the plugin to the latest version (4.24.16 or later), which addresses the vulnerability.
  • Apply Security Best Practices: Implement robust security practices, such as regularly updating software, using strong passwords, and enabling two-factor authentication.
  • Restrict File Upload Functionality: Consider limiting the types of files that can be uploaded to the website, especially if the plugin is not essential.
  • Implement a Web Application Firewall (WAF): A WAF can help prevent attackers from exploiting this vulnerability by blocking malicious traffic.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
Sachinart/CVE-2024-11613-wp-file-uploadhttps://github.com/Sachinart/CVE-2024-11613-wp-file-upload2025-01-08
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-11613 | File Upload Plugin up to 4.24.15 on WordPress path traversal
vuldb.com2025-04-17
CVE-2024-11613 | File Upload Plugin up to 4.24.15 on WordPress path traversal | A vulnerability was found in File Upload Plugin up to 4.24.15 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to path traversal. This vulnerability is uniquely identified as CVE-2024-11613. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
rss
forum
news

Social Media

WordPress File Upload RCE (Part 2) : Full Disclosure of CVE-2024-11613 - When Patches Introduce New Vulnerabilities : https://t.co/YQAO4AvnHn Full Disclosure of CVE-2024-9939 & CVE-2024-11635 : https://t.co/NJV4TdNlur
0
0
3
CVE-2024-11613 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrar..https://t.co/ImoYXWqcpA #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
0
0
1
A CVE of mine CVE-2024-11613 (CVSS:3.1 9.8 Critical) has been released today. Full disclosure exclusively on my blog https://t.co/Z46zGdurbe, on the 14th March 2025. You can read more about it at the link below https://t.co/OihGRXEX7D Please save the date.
0
1
3

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php
[email protected]https://plugins.trac.wordpress.org/changeset/3217005/
[email protected]https://www.wordfence.com/threat-intel/vulnerabilities/id/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve
[email protected]https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php
[email protected]https://plugins.trac.wordpress.org/changeset/3217005/
[email protected]https://www.wordfence.com/threat-intel/vulnerabilities/id/31052fe6-a0ae-4502-b2d2-dbc3b3bf672f?source=cve

CWE Details

CWE IDCWE NameDescription
CWE-94Improper Control of Generation of Code ('Code Injection')The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence