PT-2024-36643 · WordPress · The Fileorganizer – Manage Wordpress/Website Files

Emad

Published

2024-06-07

Updated

2024-06-11

CVE-2024-5599

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions The FileOrganizer – Manage WordPress and Website Files plugin for WordPress versions up to, and including, 1.0.7

Description The issue allows unauthenticated attackers to extract sensitive data, including backups or other sensitive information, if the files have been moved to the built-in Trash folder. This is possible via the fileorganizer ajax handler function.

Recommendations For versions up to, and including, 1.0.7, update to a version later than 1.0.7 to resolve the issue. As a temporary workaround, consider disabling the fileorganizer ajax handler function until a patch is available. Restrict access to the built-in Trash folder to minimize the risk of exploitation.

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

CVE-2024-5599

Affected Products

The Fileorganizer – Manage Wordpress/Website Files

PT-2024-36643 · WordPress · The Fileorganizer – Manage Wordpress/Website Files

CVE-2024-5599

Weakness Enumeration

Related Identifiers

Affected Products

References · 7