Cyber Posture

CVE-2024-13720

Severity: High
Published: 30 January 2025
Modified: 30 January 2025
KEV Added: none listed
Patch: none listed
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0845 (92.4th percentile)
Risk Priority: 23 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Security Summary

CVE-2024-13720 affects the WP Image Uploader plugin for WordPress, where insufficient file path validation in the gky_image_uploader_main_function() function enables arbitrary file deletion. All versions up to and including 1.0.1 are affected. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-352 (Cross-Site Request Forgery) and CWE-22 (Path Traversal); the pairing indicates a delete action that can be reached by a forged request and whose target path is not confined to the plugin's upload directory.

Attackers can exploit this issue to delete arbitrary files on the server. Deleting wp-config.php is the classic escalation: without its configuration file WordPress falls back to the installation wizard, which lets an attacker complete setup against a database they control, obtain an administrator account and then upload code, so file deletion becomes remote code execution. Note that the description states the attack is unauthenticated while the CVSS vector scores Privileges Required as Low (PR:L); consult the Wordfence advisory for the access level actually required before triaging.

The Wordfence threat intelligence advisory provides further details at https://www.wordfence.com/threat-intel/vulnerabilities/id/4af41f69-1335-4199-bf29-c9699de50a16?source=cve, and the relevant plugin source is index.php at line 85 (https://plugins.trac.wordpress.org/browser/wp-image-uploader/trunk/index.php#L85). No patch or specific mitigation is listed in the available information; until a fixed version is published, the usual interim measure is to deactivate and remove the plugin and to verify on the server that wp-config.php and other core files are intact.
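The script below is an added example, not code from the WP Image Uploader plugin or from the Wordfence advisory. It shows the CWE-22 shape the advisory describes (a delete handler that joins a request-supplied file name onto the upload directory without validation) next to a hardened version that confines deletion to that directory. The function names, the form of the vulnerable code and the temporary sandbox layout are assumptions made for the illustration; the capability check and action nonce that would address the CWE-352 side are noted in comments but left out so the file runs outside WordPress.

```php
<?php
// Added illustration, not the WP Image Uploader plugin's code.
// vulnerable_delete(), safe_delete() and the sandbox layout are assumptions.

// Vulnerable shape (CWE-22): the name comes straight from the request
// (e.g. $_POST['file']) and is joined to the upload directory unchecked,
// so "../wp-config.php" escapes the directory and removes the site config.
function vulnerable_delete(string $upload_dir, string $requested): bool
{
    $target = $upload_dir . '/' . $requested;
    return is_file($target) && unlink($target);
}

// Hardened shape: deletion is confined to the upload directory.
// In a real plugin this would also sit behind current_user_can('upload_files')
// and wp_verify_nonce() for the delete action (the CWE-352 half); both are
// WordPress APIs and are omitted here so the script runs stand-alone.
function safe_delete(string $upload_dir, string $requested): bool
{
    // Reduce the input to a bare file name; directory components and
    // traversal sequences are dropped rather than "cleaned".
    $name = basename($requested);
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }
    $base = realpath($upload_dir);
    if ($base === false) {
        return false;
    }
    // realpath() resolves symlinks and "..", and returns false for a
    // non-existent target, so the prefix check runs on the real location.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // A symlink inside uploads/ pointing at wp-config.php resolves outside
    // $base and fails here.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return false;
    }
    // Allow-list the file types the uploader actually manages.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        return false;
    }
    return unlink($target);
}

// Constructed sandbox standing in for a WordPress install:
//   <root>/wp-config.php   <root>/uploads/photo.png
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cve-2024-13720-demo-' . getmypid();
$uploads = $root . DIRECTORY_SEPARATOR . 'uploads';
mkdir($uploads, 0700, true);
file_put_contents($root . '/wp-config.php', "<?php // fake config\n");
file_put_contents($uploads . '/photo.png', 'PNG');

// Traversal against the vulnerable function removes the fake wp-config.php.
vulnerable_delete($uploads, '../wp-config.php');
printf("vulnerable: wp-config.php present = %s\n",
    var_export(is_file($root . '/wp-config.php'), true));

// Restore it, then send the same request to the hardened function.
file_put_contents($root . '/wp-config.php', "<?php // fake config\n");
printf("safe: traversal accepted = %s, wp-config.php present = %s\n",
    var_export(safe_delete($uploads, '../wp-config.php'), true),
    var_export(is_file($root . '/wp-config.php'), true));

// A legitimate request for a file inside uploads/ still succeeds.
printf("safe: photo.png deleted = %s\n",
    var_export(safe_delete($uploads, 'photo.png'), true));

// Clean up the sandbox.
unlink($root . '/wp-config.php');
rmdir($uploads);
rmdir($root);
```

Run it with the php command-line interpreter. Two properties carry the fix in safe_delete(): basename() strips directory components so the request cannot name anything outside the directory, and comparing the realpath() of the target against the realpath() of the directory catches symlinks planted inside uploads/ that point at wp-config.php. Neither replaces the capability and nonce checks that keep the action from being triggered by an unprivileged or forged request.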

Details

CWE(s)
CWE-352 (Cross-Site Request Forgery), CWE-22 (Path Traversal)

Affected Products

ivanm: wp image uploader, versions ≤ 1.0.1

References