KEVIntel
CVSS 9.8 Critical

CVE-2024-9047

Status: PUBLISHED

WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php

PoC available · Remote · Low complexity · No user interaction

Vendor: nickboss
Product: WordPress File Upload
Published: Oct 12, 2024
EPSS: (no score shown)

Description

The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.

Weaknesses (CWE)

  • The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Proof of concept available

Recorded 2025-01-25 02:41:28 UTC

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source                          Added
The Shadowserver (via CIRCL)    First 2025-06-26 00:00 UTC

Scanner integrations

  • nuclei_scanner

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

Nxploited/CVE-2024-9047-Exploit

github · Created 2025-01-25 02:41:28 UTC · 2 stars

Exploit for WordPress File Upload Plugin - All versions up to 4.24.11 are vulnerable.

verylazytech/CVE-2024-9047

github · Created 2025-01-08 07:27:16 UTC · 6 stars

POC - WordPress File Upload plugin, in the wfu_file_downloader.php file before version <= 4.24.11

iSee857/CVE-2024-9047-PoC

github · Created 2024-12-25 05:19:17 UTC · 4 stars

Batch detection script for the WordPress File Upload plugin arbitrary file read vulnerability (CVE-2024-9047)

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel