CVE-2024-5599
published 2024-06-07CVE-2024-5599: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and…
PriorityP345high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.52%
40.3th percentile
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fileorganizer | fileorganizer | < 1.0.8 | 1.0.8 |
| softaculous | fileorganizer_wordpress_file_manager | <= 1.0.7 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-267m-qxcr-pvm4: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and
ghsa_unreviewed·2024-06-07
CVE-2024-5599 [HIGH] CWE-922 GHSA-267m-qxcr-pvm4: The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and
The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.
GHSA
Ant Media Server vulnerable to a local privilege escalation
ghsa·2024-04-22·CVSS 7.8
CVE-2024-32656 [HIGH] CWE-862 Ant Media Server vulnerable to a local privilege escalation
Ant Media Server vulnerable to a local privilege escalation
### Impact
We have identified a local privilege escalation vulnerability in Ant Media Server which allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. This vulnerability is nearly identical to the local privilege escalation vulnerability CVE-2023-26269 identified in Apache James.
Any unprivileged operating system user can connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. This allows an attacker to
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/ajax.php#L85https://plugins.trac.wordpress.org/changeset/3098763/https://www.wordfence.com/threat-intel/vulnerabilities/id/78e7b65d-91f8-477e-b992-3148c1b65d7b?source=cvehttps://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/ajax.php#L85https://plugins.trac.wordpress.org/changeset/3098763/https://www.wordfence.com/threat-intel/vulnerabilities/id/78e7b65d-91f8-477e-b992-3148c1b65d7b?source=cve
2024-06-07
Published