CVE-2024-12209 | wphealth WP Umbrella Plugin up to 2.17.0 on WordPress umbrella-restore filename filename control

Posted by Angelo Barbosa | Dec 8, 2024 | CVE

A vulnerability classified as critical was found in wphealth WP Umbrella Plugin up to 2.17.0 on WordPress. Affected by this vulnerability is the function umbrella-restore. The manipulation of the argument filename leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2024-12209. The attack can be launched remotely. There is no exploit available.

CVE-2024-12209 | wphealth WP Umbrella Plugin up to 2.17.0 on WordPress umbrella-restore filename filename control

Related Posts

CVE-2024-30587 | Tenda FH1202 1.2.0.14(408) saveParentControlInfo urls stack-based overflow

CVE-2024-10072 | ESAFENET CDG 5 EncryptPolicyService.java actionAddEncryptPolicyGroup checklist sql injection

CVE-2024-0260 | SourceCodester Engineers Online Portal 1.0 Password Change change_password_teacher.php session expiration

CVE-2024-1203 | Conversios Plugin up to 6.9.1 on WordPress sql injection