PT-2024-38101 · WordPress · Tainacan

1337_Wannabe

Published 2024-07-31 · Updated 2024-07-31

CVE-2024-7135

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Tainacan plugin for WordPress, versions up to and including 0.21.7

Description
The get file function lacks a capability check and is also vulnerable to directory traversal. This allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which may contain sensitive information.

Recommendations
For versions up to and including 0.21.7, consider disabling the get file function until a patch is available, to prevent unauthorized access and directory traversal. Restrict access to sensitive files on the server to minimize the impact of exploitation.
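The two controls the advisory says are missing, a capability check and containment of the requested path, shown in a hypothetical WordPress AJAX file handler. This is an added example, not Tainacan's code; the capability name, base directory, action and nonce names are assumptions.

```php
<?php
// Added example, not Tainacan's code. Hypothetical plugin endpoint showing the two
// controls the advisory describes as missing: authorization and path containment.

// Hypothetical: capability required to fetch plugin files (not just "logged in").
define( 'EXAMPLE_FILES_CAP', 'upload_files' );
// Hypothetical: the only directory from which files may be served.
define( 'EXAMPLE_FILES_BASE', WP_CONTENT_DIR . '/uploads/example-plugin/' );

/**
 * Resolve a user-supplied name to an absolute path inside $base, or return null
 * when it escapes the base directory (via "..", symlinks or an absolute path).
 */
function example_resolve_safe_path( string $base, string $name ): ?string {
    $real_base = realpath( $base );
    if ( false === $real_base ) {
        return null; // base directory does not exist
    }
    $real_base = rtrim( $real_base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    // realpath() collapses "." and ".." and resolves symlinks, so a prefix test
    // on the result is a reliable containment check.
    $candidate = realpath( $real_base . $name );
    if ( false === $candidate || 0 !== strpos( $candidate, $real_base ) ) {
        return null; // outside the allowed directory
    }
    return is_file( $candidate ) ? $candidate : null;
}

function example_get_file_handler() {
    // 1. Authorization: a capability check, not merely an authenticated session.
    if ( ! current_user_can( EXAMPLE_FILES_CAP ) ) {
        wp_die( esc_html__( 'Forbidden', 'example' ), 403 );
    }
    // 2. CSRF protection for the AJAX action (nonce action name is hypothetical).
    check_ajax_referer( 'example_get_file' );

    // sanitize_file_name() strips path separators, so only a bare file name is
    // accepted; the realpath containment above is defence in depth.
    $name = isset( $_GET['file'] ) ? sanitize_file_name( wp_unslash( $_GET['file'] ) ) : '';
    $path = example_resolve_safe_path( EXAMPLE_FILES_BASE, $name );
    if ( null === $path ) {
        wp_die( esc_html__( 'File not found', 'example' ), 404 );
    }
    header( 'Content-Type: application/octet-stream' );
    header( 'Content-Disposition: attachment; filename="' . basename( $path ) . '"' );
    readfile( $path );
    exit;
}
add_action( 'wp_ajax_example_get_file', 'example_get_file_handler' );
```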

Fix

Weakness Enumeration
Missing Authorization

Related Identifiers
CVE-2024-7135

Affected Products
Tainacan