PT-2024-3157 · WordPress · Wp Automatic

Rafie Muhammad · Published 2024-02-25 · Updated 2025-04-04 · CVE-2024-27954

CVSS v3.1: 9.3 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: WP Automatic, all versions through 3.92.0

Description: WP Automatic contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') weakness. The plugin's downloader.php script does not sufficiently validate the link it is asked to fetch, so an unauthenticated remote attacker can abuse it both for path traversal (making the server read files outside the directory the script is meant to serve) and for Server Side Request Forgery (SSRF, making the server issue requests to internal or external hosts of the attacker's choosing).

Recommendations: Update WP Automatic to a version later than 3.92.0. If updating is not immediately possible, restrict access to the plugin's downloader.php script at the web server (deny direct requests to it) as a temporary workaround, or disable the plugin until it can be updated.
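The pattern behind the two findings above, as an added illustration that is not WP Automatic's code nor the vendor's fix: a downloader script that hands a user-supplied link straight to the fetcher, beside a hardened replacement that allow-lists schemes, resolves the host and refuses internal addresses, pins the connection to the checked address, and confines any local path to one directory. All function names, the $allowed_dir parameter and the sample inputs in demo() are constructed for this example.

```php
<?php
declare(strict_types=1);
// Added illustrative example, not code from WP Automatic or its fix.
// Names, parameters and the inputs in demo() are assumptions.

// ---- Vulnerable pattern: whatever arrives in ?link= reaches the sink ----
// file:///etc/passwd, ../../wp-config.php and http://169.254.169.254/ are
// all accepted, i.e. path traversal and SSRF through one unchecked parameter.
function downloader_fetch_unsafe(string $link): string|false
{
    return @file_get_contents($link);
}

// ---- Hardened version --------------------------------------------------

// True for loopback, RFC1918, link-local (169.254.0.0/16 covers cloud
// metadata endpoints), fc00::/7, fe80::/10 and other reserved ranges, and
// for any string that is not an IP address at all.
function is_blocked_ip(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}

// Returns url/host/port/ip for an http(s) URL whose host resolves to a
// public IPv4 address, or null. The resolved IP is handed back so the
// caller can pin the connection to it (no DNS rebinding between check and
// fetch). Bracketed IPv6 literals are deliberately refused.
function validate_remote_link(string $link): ?array
{
    $parts = parse_url($link);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;                 // file://, gopher://, ftp://, php:// ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                 // http://trusted@evil/ confusion
    }
    $host = $parts['host'];
    $ip = gethostbyname($host);      // returns $host unchanged on failure
    if (is_blocked_ip($ip)) {
        return null;                 // unresolvable, or internal/reserved
    }
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    return ['url' => $link, 'host' => $host, 'port' => $port, 'ip' => $ip];
}

// Confines a relative path to $allowed_dir. realpath() collapses ../ and
// symlinks; the trailing separator stops /srv/uploads-evil matching
// /srv/uploads. Null bytes would make realpath() throw, so reject them first.
function validate_local_path(string $requested, string $allowed_dir): ?string
{
    if (str_contains($requested, "\0")) {
        return null;
    }
    $base = realpath($allowed_dir);
    $real = realpath($allowed_dir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return str_starts_with($real, $prefix) ? $real : null;
}

function downloader_fetch_safe(string $link, string $allowed_dir): string|false
{
    if (($r = validate_remote_link($link)) !== null) {
        $ch = curl_init($r['url']);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_RESOLVE        => ["{$r['host']}:{$r['port']}:{$r['ip']}"],
            CURLOPT_FOLLOWLOCATION => false, // a 302 to 127.0.0.1 would bypass the check
            CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
            CURLOPT_CONNECTTIMEOUT => 5,
            CURLOPT_TIMEOUT        => 15,
        ]);
        $body = curl_exec($ch);
        curl_close($ch);
        return $body;
    }
    if (($path = validate_local_path($link, $allowed_dir)) !== null) {
        return file_get_contents($path);
    }
    return false;
}

// Constructed inputs: the three attacker-style links are rejected, the
// TEST-NET-3 literal (RFC 5737, resolves without DNS) is allowed.
function demo(): void
{
    foreach (['file:///etc/passwd', '../../wp-config.php',
              'http://169.254.169.254/latest/', 'http://203.0.113.10/feed.xml'] as $c) {
        $ok = validate_remote_link($c) !== null || validate_local_path($c, __DIR__) !== null;
        printf("%-36s %s\n", $c, $ok ? 'ALLOWED' : 'REJECTED');
    }
}
demo();
```

Two caveats a practitioner should keep in mind. First, PHP's FILTER_FLAG_NO_RES_RANGE does not cover every address space used by cloud metadata services (100.64.0.0/10 is one example), so extend is_blocked_ip() with an explicit deny-list for the platform the site runs on. Second, input validation inside the script complements, rather than replaces, the advisory's workaround: a script that is only ever meant to be invoked by the plugin should also be unreachable by direct HTTP request, which is a web server rule, not PHP code.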

Exploit · Fix · Path traversal · SSRF

Weakness Enumeration

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Related Identifiers

BDU:2024-03370
CVE-2024-27954

Affected Products

Wp Automatic