CVE-2020-24144

8.6 HIGH

📋 TL;DR

This vulnerability allows attackers to perform directory traversal attacks via the items[] parameter in move operations in the Media File Organizer WordPress plugin. Attackers can access files stored outside the web root folder, potentially exposing sensitive system files. WordPress sites using version 1.0.1 of this plugin are affected.

💻 Affected Systems

Products:
  • WordPress Media File Organizer plugin
Versions: 1.0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the vulnerable plugin version installed and activated.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through reading sensitive files like /etc/passwd, /etc/shadow, or database credentials, leading to full site takeover and potential lateral movement.

🟠

Likely Case

Unauthorized access to sensitive files containing configuration data, user information, or backup files, potentially enabling further attacks.

🟢

If Mitigated

Limited impact with proper file permissions and web server configurations that restrict access to sensitive directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to WordPress with appropriate permissions to use the plugin's move functionality.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.2 or later

Vendor Advisory: https://ru.wordpress.org/plugins/media-file-organizer/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Media File Organizer.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin.

🔧 Temporary Workarounds

Disable plugin

all

Deactivate the Media File Organizer plugin to prevent exploitation

wp plugin deactivate media-file-organizer

Restrict file access

linux

Configure web server to deny access to sensitive directories

# Add to the .htaccess of the directory to protect (e.g. the uploads directory),
# not the WordPress document root, where matching .php would also block index.php.
<FilesMatch "\.(php|inc|conf|sql|log|txt)$">
  # Apache 2.2 (mod_access_compat); on Apache 2.4 use "Require all denied" instead
  Order Allow,Deny
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Remove plugin entirely from the WordPress installation
  • Implement strict file permission controls and configure the web server to reject requests containing traversal sequences

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Media File Organizer → Version. If version is 1.0.1, system is vulnerable.

Check Version:

wp plugin get media-file-organizer --field=version

Verify Fix Applied:

Verify plugin version is 1.0.2 or later, or confirm plugin is deactivated/removed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in web server logs
  • Multiple requests with '../' sequences in parameters
  • Access attempts to sensitive system files

Network Indicators:

  • HTTP requests containing '../' sequences in items[] parameter
  • Unusual file paths in move operation requests

SIEM Query:

web.url:*items%5B%5D=..%2F* OR web.url:*items[]=../*
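As an added example (not part of this advisory), the following Python script applies the log indicators above to constructed Apache access-log lines: it parses the request line, percent-decodes each items[] value (including double-encoded values, which the SIEM query above does not match) and flags values containing a '..' path segment. The endpoint and action name in the sample lines are placeholders, since the page does not name the plugin's request handler.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (Apache combined format), not real traffic.
# The request path and action name are placeholders: the page does not give the
# plugin's real endpoint, only that the vulnerable parameter is items[].
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "POST /wp-admin/admin-ajax.php?action=move&items%5B%5D=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2020:13:55:40 +0000] "POST /wp-admin/admin-ajax.php?action=move&items[]=2020/10/photo.jpg HTTP/1.1" 200 128 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2020:14:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=move&items[]=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 64 "-" "curl/7.68.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A '..' segment bounded by a separator or string start/end; "foo..bar" is not flagged.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%252e) are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_items(request_target: str) -> list[str]:
    """Return the decoded items[] values in the query string that contain a '..' segment."""
    hits = []
    for key, value in parse_qsl(urlsplit(request_target).query, keep_blank_values=True):
        if fully_decode(key) != "items[]":
            continue
        decoded = fully_decode(value)
        if TRAVERSAL_RE.search(decoded):
            hits.append(decoded)
    return hits

def scan_log(log_text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client_ip, request_target, flagged_items) for every suspicious line."""
    # Only the query string is visible in an access log; items[] sent in a POST body
    # needs request-body logging (a WAF or mod_security audit log) to be inspected.
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        items = traversal_items(match.group("target"))
        if items:
            findings.append((line.split(" ", 1)[0], match.group("target"), items))
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags the first and third lines and leaves the legitimate move of `2020/10/photo.jpg` alone.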

🔗 References
