In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between December 07-08, 2024.
During this period, The National Vulnerability Database published 32, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 0
High: 4
Medium: 25
Low: 0
Severity Not Assigned: 3
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-11010
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/init.php#L222
https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/fileorganizer.php#L149
https://plugins.trac.wordpress.org/changeset/3201635/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8e958653-36c4-4979-89e1-d9411a35a92a?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-12270
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/beautiful-taxonomy-filters/trunk/includes/class-beautiful-taxonomy-filters.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-11501
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/multi-gallery/tags/1.3/partials/Shortcode.php#L21
https://www.wordfence.com/threat-intel/vulnerabilities/id/778f7d9b-6376-4026-a291-1fedeabe8c99?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-47115
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.
References: https://www.ibm.com/support/pages/node/7178033
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found
This edition of the AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in National Vulnerability Database between December 07-08, 2024.
During this period, The National Vulnerability Database published 32, and these new Common Vulnerabilities and Exposures (CVEs) are classified as follows:
Critical: 0
High: 4
Medium: 25
Low: 0
Severity Not Assigned: 3
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-11010
Base Score: 7.2
Base Severity: HIGH
Exploitability Score: 1.2
Impact Score: 5.9
Description: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
References: https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/init.php#L222
https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/fileorganizer.php#L149
https://plugins.trac.wordpress.org/changeset/3201635/
https://www.wordfence.com/threat-intel/vulnerabilities/id/8e958653-36c4-4979-89e1-d9411a35a92a?source=cve
CWE-ID: CWE-22
Common Platform Enumerations (CPE): Not Found
2. CVE-2024-12270
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References: https://plugins.trac.wordpress.org/browser/beautiful-taxonomy-filters/trunk/includes/class-beautiful-taxonomy-filters.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/75c9c106-d1f9-43ee-be1f-3eddec8f2529?source=cve
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
3. CVE-2024-11501
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References: https://plugins.trac.wordpress.org/browser/multi-gallery/tags/1.3/partials/Shortcode.php#L21
https://www.wordfence.com/threat-intel/vulnerabilities/id/778f7d9b-6376-4026-a291-1fedeabe8c99?source=cve
CWE-ID: CWE-502
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-47115
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.
References: https://www.ibm.com/support/pages/node/7178033
CWE-ID: CWE-78
Common Platform Enumerations (CPE): Not Found