CVE-2024-12152 | mulika MIPL WC Multisite Sync Plugin up to 1.1.5 on WordPress Arbitrary File mipl_wc_sync_download_log path traversal

Inserito da Angelo Barbosa | Gen 7, 2025 | CVE

A vulnerability classified as critical was found in mulika MIPL WC Multisite Sync Plugin up to 1.1.5 on WordPress. This vulnerability affects the function mipl_wc_sync_download_log of the component Arbitrary File Handler. The manipulation leads to path traversal.

This vulnerability was named CVE-2024-12152. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-12152 | mulika MIPL WC Multisite Sync Plugin up to 1.1.5 on WordPress Arbitrary File mipl_wc_sync_download_log path traversal

Post correlati

CVE-2024-33553 | 8theme XStore Core Plugin up to 5.3.5 on WordPress deserialization

CVE-2024-47659 | Linux Kernel up to 6.10.8 IPv4 improper authorization

CVE-2023-49734 | Apache Superset up to 2.1.1/3.0.1 Chart authorization

CVE-2024-2856 | Tenda AC10 16.03.10.13/16.03.10.20 /goform/SetSysTimeCfg fromSetSysTime timeZone stack-based overflow