CVE-2024-12875

4.9 MEDIUM

📋 TL;DR

This vulnerability allows authenticated WordPress administrators to perform directory traversal attacks through the file download functionality, enabling them to read arbitrary files on the server. This affects all versions of the Easy Digital Downloads plugin up to and including 3.3.2.

💻 Affected Systems

Products:
  • Easy Digital Downloads WordPress plugin
Versions: All versions up to and including 3.3.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator-level WordPress access to exploit. All WordPress installations using vulnerable plugin versions are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator credentials are compromised, allowing attackers to read sensitive files like wp-config.php containing database credentials, SSH keys, or other configuration files, leading to complete site takeover.

🟠 Likely Case

Malicious administrators or compromised admin accounts exfiltrate sensitive configuration data, user information, or other protected files from the server.

🟢 If Mitigated

With proper access controls and monitoring, only legitimate administrators can access the functionality, limiting exposure to trusted personnel.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated administrator access. The vulnerability is in the file download parameter handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.3.3

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3131805/easy-digital-downloads/tags/3.3.3/includes/process-download.php

Restart Required: No

Instructions:

1. Log into WordPress admin panel.
2. Go to Plugins → Installed Plugins.
3. Find Easy Digital Downloads.
4. Click 'Update Now' if available, or download version 3.3.3+ from WordPress.org.
5. Activate the updated plugin.

🔧 Temporary Workarounds

Disable plugin (all)

Temporarily disable the Easy Digital Downloads plugin until patched:

wp plugin deactivate easy-digital-downloads

Restrict admin access (all)

Implement strict access controls and monitoring for administrator accounts.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit readable directories
  • Enable detailed logging of file download activities and monitor for suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Easy Digital Downloads → Version. If version is 3.3.2 or lower, you are vulnerable.

Check Version:

wp plugin get easy-digital-downloads --field=version

Verify Fix Applied:

Verify plugin version is 3.3.3 or higher in WordPress admin panel.
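The version check above can be scripted against the output of `wp plugin get easy-digital-downloads --field=version`. The following is an added example, not code from the advisory or from the Easy Digital Downloads project; it assumes the version string is a plain dotted number (optionally prefixed with `v`) and compares numeric components rather than strings, so that a release such as 3.3.10 is correctly treated as newer than the 3.3.3 fix.

```python
"""Added example (not the advisory's own code): decide from a plugin version
string whether it falls inside the affected range (all versions <= 3.3.2).

Comparing version strings lexicographically is a classic mistake:
    "3.3.10" < "3.3.3"   evaluates to True as strings
so the check below splits the version into integer components first.
"""
import re

# First version that carries the fix, per the advisory.
FIRST_FIXED = (3, 3, 3)

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)")


def parse_version(version_string: str) -> tuple:
    """Turn '3.3.2', 'v3.3.10' or '3.3.3-beta1' into a tuple of ints.

    Assumption: any pre-release suffix after the numeric part is ignored,
    which treats '3.3.3-beta1' as 3.3.3 (i.e. fixed). Adjust if your
    deployment ships pre-release builds.
    """
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version_string!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_string: str) -> bool:
    """True when the installed version is below the first fixed release."""
    return parse_version(version_string) < FIRST_FIXED


def check_wp_cli_output(output: str) -> str:
    """Classify the raw stdout of `wp plugin get ... --field=version`."""
    version = output.strip()
    return "VULNERABLE" if is_vulnerable(version) else "FIXED"


if __name__ == "__main__":
    # Constructed sample values; in practice pipe wp-cli output into this.
    for sample in ("3.3.2", "3.3.3", "3.3.10", "v3.2.0"):
        print(f"{sample:>8}: {check_wp_cli_output(sample)}")
```

Run it as `wp plugin get easy-digital-downloads --field=version | python3 check_edd.py` after wrapping the `__main__` block to read stdin, or import `is_vulnerable` into an inventory script that polls many sites.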

📡 Detection & Monitoring

Log Indicators:

  • Unusual file download patterns from admin users
  • Access to files outside expected download directories
  • Multiple failed download attempts with path traversal patterns

Network Indicators:

  • Unusual outbound traffic from WordPress server following admin file downloads

SIEM Query:

source="wordpress.log" AND ("process-download.php" OR "edd_process_download") AND ("..\\" OR "../" OR "%2e%2e%2f")
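For environments without a SIEM, the same logic as the query above can be run over raw web-server logs. The following is an added example, not code from the advisory or the Easy Digital Downloads project. It keys on the same two handler markers and traversal patterns the SIEM query uses, and goes one step further by URL-decoding each line repeatedly before matching, so that double-encoded traversal (`%252e%252e%252f`) is caught as well as the single-encoded `%2e%2e%2f`. The log format (user, method, path, status separated by spaces) and the request shapes in the sample lines are constructed assumptions; only the marker strings come from the advisory.

```python
"""Added example (not from the advisory): flag log lines that hit the EDD
download handler with a path-traversal pattern and summarise them per user,
which supports the "unusual download patterns from admin users" indicator.
"""
import re
from collections import Counter
from urllib.parse import unquote

# Handler markers taken from the advisory's SIEM query.
HANDLER_MARKERS = ("process-download.php", "edd_process_download")

# Matches "../" or "..\" after decoding; the encoded forms in the SIEM
# query (%2e%2e%2f) collapse to these once unquoted.
TRAVERSAL_RE = re.compile(r"\.\./|\.\.\\")

# Constructed sample log lines: "<user> <method> <path> <status>".
# The query-string layout is an assumption for illustration only.
SAMPLE_LOG = [
    "admin GET /wp-admin/edit.php 200",
    "editor GET /?edd_process_download=1&file=invoice.pdf 200",
    "admin GET /?edd_process_download=1&file=..%2F..%2Fwp-config.php 200",
    r"admin GET /wp-content/plugins/easy-digital-downloads/includes/process-download.php?file=..\..\wp-config.php 200",
    "admin GET /?edd_process_download=1&file=%252e%252e%252fwp-config.php 200",
    "shop GET /downloads/file=../../etc/passwd 404",  # traversal, but not the EDD handler
]


def decode_fully(text: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing (bounded to avoid loops)."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def is_traversal_hit(line: str) -> bool:
    """True when the line reaches the download handler AND carries traversal."""
    if not any(marker in line for marker in HANDLER_MARKERS):
        return False
    return TRAVERSAL_RE.search(decode_fully(line)) is not None


def scan(log_lines) -> list:
    """Return one dict per flagged line with the fields a responder needs."""
    hits = []
    for line in log_lines:
        if not is_traversal_hit(line):
            continue
        user, method, path, status = line.split(" ", 3)
        hits.append({"user": user, "method": method, "status": status,
                     "decoded_path": decode_fully(path)})
    return hits


def hits_by_user(hits) -> dict:
    """Count flagged requests per account; a burst from one admin stands out."""
    return dict(Counter(hit["user"] for hit in hits))


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['user']:>7} {hit['status']} {hit['decoded_path']}")
    print("per user:", hits_by_user(found))
```

Feed real access logs through `scan()` after adapting the four-field split to your log format; the `status` field is kept because a 404 burst from one account (failed traversal attempts) is itself one of the indicators listed above.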

🔗 References
