CVE-2024-0380: Path Traversal
First published: Mon Feb 05 2024(Updated: )
The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP Recipe Maker | <=9.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-0380?
CVE-2024-0380 is considered a medium severity vulnerability due to its potential for directory traversal exploits.
How do I fix CVE-2024-0380?
To fix CVE-2024-0380, update the WP Recipe Maker plugin to version 9.1.1 or later.
Who is affected by CVE-2024-0380?
CVE-2024-0380 affects all versions of the WP Recipe Maker plugin up to and including 9.1.0, specifically impacting authenticated users with contributor-level access and above.
What type of vulnerability is CVE-2024-0380?
CVE-2024-0380 is a directory traversal vulnerability that allows inclusion of SVG file contents.
Which software is impacted by CVE-2024-0380?
CVE-2024-0380 impacts the WP Recipe Maker plugin for WordPress.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/remedy
- agent/severity
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/bootstrapped
- canonical/wp recipe maker
- version/wp recipe maker/9.1.0