CVE-2024-9047: WordPress File Upload Plugin Path Traversal Vulnerability (Cross-platform)

Unrestricted File Access in WordPress File Upload (≤ v4.24.11)

📢 Advisory Summary

Vulnerability Type: Path Traversal (CWE-22)

Affected Plugin: WordPress File Upload

Impacted Versions: ≤ 4.24.11

CVSSv3 Score: 7.5 (High) [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N]

Attack Vector: Remote unauthenticated

Prerequisite: PHP ≤ 7.4

💥 Impact

Successful exploitation allows:
✓ Unauthorized file system access
✓ Potential sensitive file disclosure (wp-config.php, etc.)
✓ Server-side request forgery (SSRF) opportunities

🛡️ Mitigation Steps

Immediate Action:

Upgrade to WordPress File Upload ≥ v4.24.12

Migrate to PHP 8.0+ (disables dangerous path functions)

Detection:

SQL: 
 

SELECT * FROM wp_options WHERE option_name = 'wordpress_file_upload' AND option_value LIKE '%4.24.11%';

Emergency Workaround:

Disable plugin via WP-CLI:

wp plugin deactivate wordpress-file-upload

⚙️ Technical Details

Root Cause: Improper sanitization of filepath parameter

Exploit Trigger: Malicious ../ sequences in upload requests

PHP Dependency: Relies on deprecated realpath() behavior in PHP ≤7.4

📌 Vendor Response

Patch Released: v4.24.12 Changelog

Fixed By: Strict path normalization and PHP 8.0+ requirement

🔍 References

WordPress Plugin Directory Advisory

MITRE CVE Entry

Patch Diff Analysis *

#WordPressSecurity #PathTraversal #WebSecurity #CVE20249047