CVE-2024-43955

10.0 CRITICAL

📋 TL;DR

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that allows remote attackers to download or delete arbitrary files that the web-server process can read or write (for example wp-config.php, which holds the database credentials). All Droip plugin versions up to and including 1.1.1 are affected. WordPress sites running a vulnerable version are at immediate risk.

💻 Affected Systems

Products:
  • Themeum Droip WordPress Plugin
Versions: all releases up to and including 1.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with Droip plugin enabled. No special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through sensitive file access (e.g., wp-config.php with database credentials), website defacement, or malware installation leading to data breach and service disruption.

🟠

Likely Case

Unauthorized file access leading to credential theft, configuration exposure, or website defacement.

🟢

If Mitigated

Limited impact if file system permissions keep critical files out of reach of the web-server account, the web server runs with minimal privileges, and the plugin is deactivated or patched before it is targeted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires only HTTP requests with crafted parameters. Public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.2 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/droip/wordpress-droip-plugin-1-1-1-unauthenticated-arbitrary-file-download-deletion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Droip plugin and update it to version 1.1.2 or later.
4. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable Droip Plugin

Applies to: all platforms

Temporarily deactivate the vulnerable plugin until it is patched. Deactivation stops the plugin's code from being loaded by WordPress; its files stay on disk until the plugin is deleted.

wp plugin deactivate droip

Web Application Firewall Rule

Applies to: all platforms

Block path traversal sequences in requests to Droip endpoints. The ModSecurity rule below is scoped to the plugin path and is an example of the kind of rule to deploy, not a vendor-supplied signature. ModSecurity decodes ARGS once on its own; the explicit urlDecodeUni transformation is added so double-encoded payloads (%252e%252e%252f) are also caught. A WAF rule is a stop-gap that reduces exposure, not a fix; the plugin still needs to be updated or removed.

SecRule REQUEST_URI "@beginsWith /wp-content/plugins/droip/" "id:1001,phase:2,t:none,t:urlDecodeUni,chain,deny,status:403,log,msg:'Path Traversal Attempt against Droip plugin'"
    SecRule ARGS|ARGS_NAMES|REQUEST_URI "@rx \.\.(?:/|\x5c)" "t:none,t:urlDecodeUni"

🧯 If You Can't Patch

  • Immediately deactivate and remove the Droip plugin from all WordPress installations.
  • Implement strict file system permissions and monitor for unauthorized file access attempts.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Installed Plugins for Droip version 1.1.1 or earlier.

Check Version:

wp plugin list --name=droip --field=version

Verify Fix Applied:

Verify Droip plugin version is 1.1.2 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to Droip plugin endpoints containing '../' or '..\' in the path or query string, including percent-encoded forms such as %2e%2e%2f and double-encoded %252e%252e%252f
  • Unusual file access patterns in web server logs

Network Indicators:

  • HTTP requests with path traversal sequences to /wp-content/plugins/droip/ endpoints

SIEM Query:

source="web_access.log" AND uri="/wp-content/plugins/droip/*" AND (uri="*../*" OR args="*../*")

Note: this query only matches a literal '../'. Unless your log pipeline URL-decodes the request line before indexing, extend it with the encoded variants (e.g. uri="*%2e%2e%2f*" OR uri="*%2e%2e/*" OR uri="*..%2f*") or decode the field at search time.
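Detection logic for the log indicators above, as an added example that is not part of the original advisory or the vendor's tooling. It parses combined-format access-log lines, percent-decodes the path and query repeatedly so single- and double-encoded traversal sequences are not missed, and restricts matches to the plugin path the advisory names. The sample log lines are constructed for the example, the query parameter name `file` is a placeholder (this page does not name the vulnerable parameter), and the client addresses are documentation ranges.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines in Apache/Nginx combined format. Not real traffic;
# the "file" parameter is a placeholder name, not the plugin's actual parameter.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2024:12:00:01 +0000] "GET /wp-content/plugins/droip/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Sep/2024:12:00:02 +0000] "GET /wp-content/plugins/droip/?file=../../../../wp-config.php HTTP/1.1" 200 3021 "-" "curl/8.4.0"
198.51.100.9 - - [10/Sep/2024:12:00:03 +0000] "GET /wp-content/plugins/droip/?file=..%2F..%2Fwp-config.php HTTP/1.1" 200 3021 "-" "python-requests/2.31"
198.51.100.9 - - [10/Sep/2024:12:00:04 +0000] "GET /wp-content/plugins/droip/?file=%252e%252e%252fwp-config.php HTTP/1.1" 403 0 "-" "python-requests/2.31"
192.0.2.4 - - [10/Sep/2024:12:00:05 +0000] "GET /wp-content/uploads/2024/09/a.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Sep/2024:12:00:06 +0000] "GET /index.php?s=..%2F.. HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Combined-log-format parser: client IP, timestamp, request line, status and size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Scope taken from the advisory: requests under the plugin's own path.
DROIP_PREFIX = "/wp-content/plugins/droip/"

# "../" or "..\" anywhere, or a trailing "..", evaluated after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e%2f and %252e%252e%252f both become '../'.
    The round limit keeps pathological input from looping."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(target):
    """True if the request target is under the Droip plugin path and carries a
    traversal sequence in its path or query string, in any percent-encoding."""
    parts = urlsplit(target)
    path = decode_fully(parts.path)
    query = decode_fully(parts.query)
    if not path.startswith(DROIP_PREFIX):
        return False
    return bool(TRAVERSAL_RE.search(path) or TRAVERSAL_RE.search(query))


def scan_log(text):
    """Return one finding per matching line. A 2xx status on a traversal request
    means the server answered it; treat the requested file as exposed."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal_attempt(m["target"]):
            continue
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "target": m["target"],
            "status": int(m["status"]),
            "likely_success": m["status"].startswith("2"),
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents. Requests to other paths carrying '../' (the last sample line) are deliberately not reported, matching the scope of the SIEM query above; widen DROIP_PREFIX if your site exposes the plugin through a different route.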
