FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-5709

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Published: Aug 6, 2024 / Updated: 3mo ago

010
CVSS 8.8EPSS 0.05%High
CVE info copied to clipboard

Summary

The WPBakery Visual Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.7 via the 'layout_name' parameter. This vulnerability allows authenticated attackers with Author-level access and above, and with post permissions granted by an Administrator, to include and execute arbitrary files on the server. This can lead to the execution of any PHP code in those files.

Impact

This vulnerability can have severe impacts: 1. Bypass of access controls: Attackers can potentially access restricted areas of the system. 2. Sensitive data exposure: Attackers may be able to read sensitive files on the server. 3. Code execution: In cases where "safe" file types like images can be uploaded and included, attackers could achieve arbitrary code execution on the server. 4. Privilege escalation: The ability to execute arbitrary PHP code could allow an attacker to elevate their privileges within the system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is not explicitly mentioned in the provided information. However, given that the vulnerability affects "all versions up to, and including, 7.7" of the WPBakery Visual Composer plugin, it is likely that a patched version higher than 7.7 is available or will be released soon. Users should check for updates and apply them as soon as they become available.

Mitigation

1. Update the WPBakery Visual Composer plugin to a version higher than 7.7 as soon as a patched version is available. 2. Implement the principle of least privilege: Review and restrict user roles and permissions, especially for Author-level access and above. 3. Implement input validation and sanitization for the 'layout_name' parameter to prevent local file inclusion. 4. Consider using Web Application Firewall (WAF) rules to detect and block potential local file inclusion attempts. 5. Regularly audit and monitor file access logs for any suspicious activity. 6. If immediate updating is not possible, consider temporarily disabling the WPBakery Visual Composer plugin until a patch can be applied.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2024-5709. See article

Aug 6, 2024 at 5:38 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 6, 2024 at 5:39 AM
CVE Assignment

NVD published the first details for CVE-2024-5709

Aug 6, 2024 at 6:15 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Aug 6, 2024 at 6:20 AM / nvd
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (152087)

Aug 11, 2024 at 7:53 AM
Static CVE Timeline Graph

Affected Systems

Wordpress/wordpress
+null more

Attack Patterns

CAPEC-126: Path Traversal
+null more

News

Web Application Detections Published in August 2024
Qualys Notifications / 2mo
In August, Qualys released QIDs targeting vulnerabilities in several widely-used software products, including JetBrains TeamCity, WordPress, LiteLLM, phpMyBackupPro, Apache OFBiz, Apache Superset, Automation Anywhere Automation 360, Microsoft IIS, Zabbix, nuxt/icon, Laravel, Jenkins, Nginx, SolarWinds Web Help Desk and OpenSSL. Customers can get more details about the following QIDs in our knowledge base. Customers should review their reports for these detections. If any of the following are reported against their applications scanned, customers should follow the steps mentioned in the solution to ensure their systems are protected against the identified vulnerabilities. QID Title 150929 WordPress Form Vibes Plugin: SQL Injection Vulnerability (CVE-2024-5325) 150951 WordPress ERP Plugin: SQL Injection Vulnerability (CVE-2024-6666) 152002 WordPress Popup Builder Plugin: Unauthorized Modification and Loss of Data Vulnerability (CVE-2024-2544) 152028 WordPress UsersWP Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-6265) 152031 WordPress InstaWP Connect Plugin: Authentication Bypass Vulnerability (CVE-2024-6397) 152032 WordPress Quiz Maker Plugin:
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 5, 2024 to August 11, 2024)
Vulnerabilities Archives - Wordfence / 3mo
Our mission with Wordfence Intelligence is to make valuable vulnerability information easily accessible to everyone, like the WordPress community, so individuals and organizations alike can utilize that data to make the internet more secure. WordPress Plugins with Reported Vulnerabilities Last Week
Security Bulletin 7 Aug 2024 - Cyber Security Agency of Singapore
Top stories - Google News / 3mo
Security Bulletin 7 Aug 2024 Cyber Security Agency of Singapore
High - CVE-2024-5709 - The WPBakery Visual Composer plugin for...
Security-Database Alerts Monitor : Last 100 Alerts / 3mo
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe� file types can be uploaded and included. Cvss vector : Cvss Base Score N/A Attack Range N/A Cvss Impact Score N/A Attack Complexity N/A Cvss Expoit Score N/A Authentication N/A Calculate full CVSS 2.0 Vectors scores
CVE-2024-5709
INCIBE-CERT - Vulnerabilities RSS / 3mo
This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Gravedad 3.1 (CVSS 3.1 Base Score)
See 6 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 8.8(18246)CWE-22(6658)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial