CVE-2024-32111

5.0 MEDIUM

📋 TL;DR

This path traversal vulnerability in WordPress allows authenticated users with contributor-level permissions to read arbitrary HTML files on Windows servers. It affects WordPress core versions from 4.2 through 6.5.4, potentially exposing sensitive file contents.

💻 Affected Systems

Products:
  • WordPress
Versions: 4.2 through 6.5.4 (all versions in between as specified in CVE)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations running on Windows servers. Linux/Unix systems are not vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Contributor-level users could read sensitive HTML files containing credentials, configuration data, or other confidential information stored on the Windows server.

🟠 Likely Case

Authenticated contributors reading HTML files they should not have access to, potentially exposing internal documentation or configuration details.

🟢 If Mitigated

Limited to authenticated users with contributor permissions reading HTML files only on Windows servers.

🌐 Internet-Facing: MEDIUM - Requires authenticated contributor access but affects internet-facing WordPress sites on Windows servers.
🏢 Internal Only: LOW - Internal WordPress instances have reduced attack surface and typically fewer untrusted contributors.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires contributor-level authentication and Windows server environment. Exploitation details are not publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: WordPress 6.5.5, 6.4.5, 6.3.5, 6.2.6, 6.1.7, 6.0.9, 5.9.10, 5.8.10, 5.7.12, 5.6.14, 5.5.15, 5.4.16, 5.3.18, 5.2.21, 5.1.19, 5.0.22, 4.9.26, 4.8.25, 4.7.29, 4.6.29, 4.5.32, 4.4.33, 4.3.34, 4.2.38, 4.1.41

Vendor Advisory: https://wordpress.org/news/2024/06/wordpress-6-5-5/

Restart Required: No

Instructions:

  1. Back up your WordPress site and database.
  2. Update WordPress through Dashboard > Updates.
  3. Or manually download the latest version from wordpress.org and replace the core files.
  4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Restrict Contributor Permissions

Applies to: all

Temporarily limit contributor accounts or elevate only trusted users to contributor level.

Migrate to Linux Server

Applies to: all

Move the WordPress installation from a Windows server to a Linux/Unix server.

🧯 If You Can't Patch

  • Implement strict file permission controls on Windows server to limit HTML file access
  • Monitor contributor account activity and implement additional authentication controls

🔍 How to Verify

Check if Vulnerable:

Check the WordPress version in Dashboard > Updates or via wp-admin/about.php. If the version is in the 4.2 through 6.5.4 range, is not one of the backported security releases listed under Official Fix, and the site runs on Windows, you are vulnerable.

Check Version:

In the WordPress admin, go to Dashboard > Updates, or check the wp-includes/version.php file.

Verify Fix Applied:

Verify WordPress version is updated to patched version (e.g., 6.5.5 or corresponding security release).
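The version check above is easy to get wrong by hand because the backported security releases (4.2.38, 5.9.10, and so on) sit inside the "4.2 through 6.5.4" range. The following is an added example, not code from the advisory or from WordPress: it reads the version string from the contents of wp-includes/version.php (WordPress core defines it as `$wp_version = '...';`), then decides whether an install is affected using the patched releases listed in the Official Fix section and the Windows-only condition. The file path and the shape of the version line are assumptions about a standard core install.

```python
"""Version check for CVE-2024-32111 (added example, not from the advisory).

Assumes a standard WordPress core install where wp-includes/version.php
contains a line of the form  $wp_version = '6.5.4';
"""
import re
from typing import Optional, Tuple

# Patched security releases exactly as listed in the advisory's Official Fix
# section, one per release branch (major.minor).
PATCHED_RELEASES = [
    "6.5.5", "6.4.5", "6.3.5", "6.2.6", "6.1.7", "6.0.9",
    "5.9.10", "5.8.10", "5.7.12", "5.6.14", "5.5.15", "5.4.16", "5.3.18",
    "5.2.21", "5.1.19", "5.0.22",
    "4.9.26", "4.8.25", "4.7.29", "4.6.29", "4.5.32", "4.4.33", "4.3.34",
    "4.2.38", "4.1.41",
]

# Affected range as stated by the advisory: 4.2 through 6.5.4 inclusive.
AFFECTED_LOW = (4, 2)
AFFECTED_HIGH = (6, 5, 4)


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.5.4' (or a pre-release like '6.5.5-alpha-1') into (6, 5, 4).

    Only the numeric dotted prefix is compared; tuple comparison handles
    the missing patch digit of a branch's first release ('6.5' < '6.5.5').
    """
    numeric = version.split("-")[0]
    return tuple(int(part) for part in numeric.split("."))


def read_wp_version(version_php_text: str) -> Optional[str]:
    """Extract the value assigned to $wp_version from version.php contents."""
    match = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", version_php_text)
    return match.group(1) if match else None


def patched_release_for_branch(version: Tuple[int, ...]) -> Optional[Tuple[int, ...]]:
    """Return the patched release tuple for the version's major.minor branch."""
    for release in PATCHED_RELEASES:
        parsed = parse_version(release)
        if parsed[:2] == version[:2]:
            return parsed
    return None


def is_vulnerable(version_str: str, os_name: str) -> bool:
    """True when the install is on Windows, inside the affected range, and
    below its branch's backported security release."""
    if os_name.strip().lower() != "windows":
        return False  # the advisory states Linux/Unix hosts are not affected
    version = parse_version(version_str)
    if not (AFFECTED_LOW <= version <= AFFECTED_HIGH):
        return False  # 4.1.x and 6.5.5+ fall outside the stated range
    patched = patched_release_for_branch(version)
    # A branch without a listed fix is treated as unpatched.
    return patched is None or version < patched


def check_install(version_php_text: str, os_name: str) -> dict:
    """Combine the two steps for a file you have already read from disk."""
    version = read_wp_version(version_php_text)
    if version is None:
        return {"version": None, "vulnerable": None,
                "note": "could not find $wp_version in version.php"}
    return {"version": version, "vulnerable": is_vulnerable(version, os_name)}


if __name__ == "__main__":
    # Constructed sample of a version.php fragment, not read from a real host.
    sample = "<?php\n$wp_version = '6.5.4';\n$wp_db_version = 57155;\n"
    print(check_install(sample, "Windows"))
```

On a real host you would read wp-includes/version.php and pass its contents plus the operating system name; the decision is made purely from the advisory's version data, so an install reporting 4.2.38 on Windows is correctly reported as already patched even though 4.2.x is inside the affected range.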

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by contributor users
  • Multiple failed file read attempts from contributor accounts
  • Access to non-standard HTML file paths

Network Indicators:

  • HTTP requests with path traversal patterns from authenticated sessions
  • Unusual file download patterns from contributor accounts

SIEM Query:

source="wordpress" AND (uri="*..\\*" OR uri="*..\/*") AND user_role="contributor" AND os="windows"
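The query above matches literal `..` sequences, but web servers commonly log the raw request line, where a traversal attempt may arrive URL-encoded (`%2e%2e`, `%2f`, `%5c`) or double-encoded. The following is an added example, not part of the advisory: it applies the same filter logic (source, user role, Windows host) over structured log records, normalising the URI before matching so encoded variants are caught too. The records are constructed, and the field names `source`, `uri`, `user_role` and `os` mirror the page's query but are an assumption about your own log schema; treating author, editor and administrator as contributor-level-or-higher is likewise an assumption drawn from the advisory's "contributor-level permissions" wording.

```python
"""Traversal-attempt detection over WordPress access records (added example).

Mirrors the advisory's SIEM query but decodes the URI first so that
percent-encoded and double-encoded traversal sequences are not missed.
"""
import re
from typing import Dict, Iterable, List
from urllib.parse import unquote

# ".." as a whole path segment, with either slash style, e.g. "/../" or "\..\".
TRAVERSAL_RE = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")

# Roles assumed to hold contributor-level permissions or higher.
AUTHENTICATED_ROLES = {"contributor", "author", "editor", "administrator"}


def normalise_uri(uri: str, max_rounds: int = 2) -> str:
    """Percent-decode up to max_rounds times, stopping once the text is stable,
    so a double-encoded %252e%252e is reduced to '..' as well."""
    current = uri
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def has_traversal(uri: str) -> bool:
    """True when the decoded URI contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(normalise_uri(uri)))


def find_suspicious(records: Iterable[Dict[str, str]],
                    windows_only: bool = True) -> List[Dict[str, str]]:
    """Apply the advisory's filters (source, role, host OS) and the decoded
    traversal match. Set windows_only=False to also see attempts against
    Linux hosts, which are not exploitable here but still worth review."""
    hits = []
    for record in records:
        if record.get("source") != "wordpress":
            continue
        if record.get("user_role", "").lower() not in AUTHENTICATED_ROLES:
            continue
        if windows_only and record.get("os", "").lower() != "windows":
            continue
        if has_traversal(record.get("uri", "")):
            hits.append(record)
    return hits


# Constructed sample records; the URIs are illustrative, not real requests.
SAMPLE_RECORDS = [
    {"source": "wordpress", "os": "windows", "user_role": "contributor",
     "uri": "/wp-admin/post.php?p=..\\..\\inetpub\\notes.html"},
    {"source": "wordpress", "os": "windows", "user_role": "contributor",
     "uri": "/wp-admin/post.php?p=%2e%2e%5c%2e%2e%5cinetpub%5cnotes.html"},
    {"source": "wordpress", "os": "linux", "user_role": "contributor",
     "uri": "/wp-admin/post.php?p=../../notes.html"},
    {"source": "wordpress", "os": "windows", "user_role": "subscriber",
     "uri": "/wp-admin/post.php?p=../../notes.html"},
    {"source": "wordpress", "os": "windows", "user_role": "editor",
     "uri": "/wp-admin/post.php?post=12&action=edit"},
]


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_RECORDS):
        print(hit["user_role"], hit["uri"])
```

With the sample data only the first two records are reported: the literal and the percent-encoded traversal from a contributor on a Windows host. The Linux record is dropped by the page's `os="windows"` filter, the subscriber record by the role filter, and the editor's ordinary request because its decoded URI has no `..` segment.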
