The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2024-10-01
CVSS: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Download CVE-2024-9224 POC (Proof-of-Concept) here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
Check my portfolio here:
https://tlncglobal.com/poc-712-cve-2024-55982/
https://tlncglobal.com/poc-470-cve-2024-9977/
https://tlncglobal.com/poc-833-cve-2024-5057/
Taisja Laudy to jedna z najbardziej doświadczonychGallup Certified Global Strengths Coachw Polsce i Europie.