Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-31210

HIGH
Published 2024-04-04T22:59:28.955Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-31210. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
7.7
/10
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.004
probability
of exploitation in the wild

There is a 0.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.625
Higher than 62.5% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporary available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE when the user would otherwise have no means of executing arbitrary PHP code. This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. Lower level users are not affected. Sites where the `DISALLOW_FILE_MODS` constant is set to `true` are not affected. Sites where an administrative user either does not need to enter FTP credentials or they have access to the valid FTP credentials, are not affected. The issue was fixed in WordPress 6.4.3 on January 30, 2024 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40. A workaround is available. If the `DISALLOW_FILE_MODS` constant is defined as `true` then it will not be possible for any user to upload a plugin and therefore this issue will not be exploitable.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

WordPress

wordpress-develop

Affected Versions:

>= 6.4.0, < 6.4.3 >= 6.3.0, < 6.3.3 >= 6.2.0, < 6.2.4 >= 6.1.0, < 6.1.5 >= 6.0.0, < 6.0.7 >= 5.9.0, < 5.9.9 >= 5.8.0, < 5.8.9 >= 5.7.0, < 5.7.11 >= 5.6.0, < 5.6.13 >= 5.5.0, < 5.5.14 >= 5.4.0, < 5.4.15 >= 5.3.0, < 5.3.17 >= 5.2.0, < 5.2.20 >= 5.1.0, < 5.1.18 >= 5.0.0, < 5.0.21 >= 4.9.0, < 4.9.25 >= 4.8.0, < 4.8.24 >= 4.7.0, < 4.7.28 >= 4.6.0, < 4.6.28 >= 4.5.0, < 4.5.31 >= 4.4.0, < 4.4.32 >= 4.3.0, < 4.3.33 >= 4.2.0, < 4.2.37 < 4.1.40
wordpress

wordpress-develop

Affected Versions:

0

References

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-x79f-xrjv-jx5r
Published: 2024-04-04T22:59:28.955Z
Last Modified: 2024-08-02T01:46:04.580Z
Copied to clipboard!