CVE-2024-12885

Name of the Vulnerable Software and Affected Versions Connections Business Directory plugin for WordPress versions up to, and including, 10.4.66

Description The issue is related to insufficient file path validation when deleting a connections image directory, allowing authenticated attackers with Administrator-level access and above to delete arbitrary folders on the server and all their content.

Recommendations For versions up to, and including, 10.4.66, update to a version higher than 10.4.66 to resolve the issue. As a temporary workaround, consider restricting access to the directory deletion functionality to minimize the risk of exploitation.