CVE-2024-47324
📋 TL;DR
This path traversal vulnerability in the WP Timeline plugin allows attackers to include arbitrary PHP files from the server, potentially leading to remote code execution. It affects WordPress sites using the WP Timeline plugin versions up to 3.6.7. Attackers can exploit this without authentication to read sensitive files or execute malicious code.
💻 Affected Systems
- WP Timeline – Vertical and Horizontal timeline
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.
Likely Case
Sensitive file disclosure (configuration files, database credentials) and limited code execution within web server context.
If Mitigated
Attack blocked at WAF level or file inclusion limited to non-executable files due to server hardening.
🎯 Exploit Status
Path traversal vulnerabilities are commonly exploited and weaponization is likely given the public disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.8 or later
Vendor Advisory: https://patchstack.com/database/vulnerability/wp-timelines/wordpress-wp-timeline-plugin-3-6-7-local-file-inclusion-vulnerability-2?_s_id=cve
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'WP Timeline' plugin.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 3.6.8+ from the WordPress repository.
🔧 Temporary Workarounds
WAF Rule Implementation
Block path traversal patterns at the web application firewall level.
# Example ModSecurity rule:
SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403,msg:'Path Traversal Attempt'"
The rule matches a literal ../ in decoded request arguments; widen the pattern to \.\.[/\\] if backslash variants should be caught as well.
Disable Plugin
Temporarily disable the vulnerable plugin until it is patched.
wp plugin deactivate wp-timelines
🧯 If You Can't Patch
- Remove the plugin entirely from production environment.
- Implement strict file permission controls and disable PHP execution in upload directories.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → WP Timeline version. If the version is 3.6.7 or earlier, the site is vulnerable.
Check Version:
wp plugin get wp-timelines --field=version
Verify Fix Applied:
Confirm plugin version is 3.6.8 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' patterns to plugin endpoints
- Unusual file access attempts in web server logs
- PHP error logs showing file inclusion errors
Network Indicators:
- HTTP requests with path traversal payloads to /wp-content/plugins/wp-timelines/ endpoints
SIEM Query:
source="web_access.log" AND uri="/wp-content/plugins/wp-timelines/*" AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e%2f*")
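As an added example (not part of the advisory), the log indicators above applied in Python: it scans access-log lines for requests under /wp-content/plugins/wp-timelines/ whose URI contains ../, ..\ or their URL-encoded forms, decoding twice so double-encoded payloads are not missed, and records whether the request was blocked (403, as by the WAF rule above) or served (200). The log lines are constructed samples and "param" is a placeholder query parameter name, since the advisory does not identify the vulnerable parameter.

```python
import re
from urllib.parse import unquote

# Plugin directory from the advisory's network indicator.
PLUGIN_PREFIX = "/wp-content/plugins/wp-timelines/"
# Client address, request URI and response status from a "combined"-format access-log line.
LOG_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<uri>\S+) HTTP/\d\.\d" (?P<status>\d{3})')
# Dot-dot followed by a forward or back slash, checked after URL decoding.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")

# Constructed sample log lines (not real traffic). "param" is a placeholder query
# parameter name; the advisory does not name the vulnerable parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Oct/2024:10:00:01 +0000] "GET /wp-content/plugins/wp-timelines/assets/app.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Oct/2024:10:00:02 +0000] "GET /wp-content/plugins/wp-timelines/?param=../../../../wp-config.php HTTP/1.1" 200 3120 "-" "curl/8.0"
198.51.100.7 - - [01/Oct/2024:10:00:03 +0000] "GET /wp-content/plugins/wp-timelines/?param=..%2f..%2fwp-config.php HTTP/1.1" 200 3120 "-" "python-requests/2.31"
198.51.100.8 - - [01/Oct/2024:10:00:04 +0000] "GET /wp-content/plugins/wp-timelines/?param=%252e%252e%252fwp-config.php HTTP/1.1" 403 0 "-" "-"
192.0.2.4 - - [01/Oct/2024:10:00:05 +0000] "GET /wp-content/plugins/other-plugin/?p=../../x HTTP/1.1" 404 0 "-" "Mozilla/5.0"
"""

def decode_layers(value, rounds=2):
    """URL-decode repeatedly (bounded) so double-encoded %252e%252e%252f is seen as ../."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_traversal_hits(log_text):
    """Return plugin-path requests whose decoded URI carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line we understand; skip rather than guess
        raw_uri = m.group("uri")
        path_only = decode_layers(raw_uri.split("?", 1)[0])
        if not path_only.startswith(PLUGIN_PREFIX):
            continue  # traversal against other paths is out of scope for this CVE
        if TRAVERSAL_RE.search(decode_layers(raw_uri)):
            status = m.group("status")
            hits.append({"client": m.group("client"), "uri": raw_uri, "status": status,
                         # 403 = blocked (e.g. by the WAF rule); a 200 needs triage
                         "blocked": status == "403"})
    return hits

if __name__ == "__main__":
    print(find_traversal_hits(SAMPLE_LOG))
```

Run against the sample, the first request (legitimate asset) and the last (a different plugin) are ignored, the two served traversal attempts are reported for triage, and the double-encoded one is reported as blocked.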