PT-2024-26520 · WordPress · Penci Soledad Data Migrator

Mohamed Awad · Published 2024-05-16 · Updated 2024-05-17 · CVE-2024-3551

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Penci Soledad Data Migrator plugin for WordPress versions up to, and including, 1.3.0

Description

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion via the data parameter. This allows unauthenticated attackers to include and execute arbitrary PHP files on the server, enabling them to bypass access controls, obtain sensitive data, or achieve code execution. This vulnerability is limited to PHP files and can be exploited in cases where images and other “safe” file types can be uploaded and included.

Recommendations

For Penci Soledad Data Migrator plugin for WordPress versions up to, and including, 1.3.0: Update to a version higher than 1.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the data parameter to minimize the risk of exploitation.

Related Identifiers: CVE-2024-3551

Affected Products: Penci Soledad Data Migrator