CVE-2024-5852

4.3 MEDIUM

📋 TL;DR

The WordPress File Upload plugin contains a directory traversal vulnerability that allows authenticated attackers with Contributor-level access or higher to upload limited files to arbitrary locations on the web server. This affects all versions up to and including 4.24.7. Attackers can potentially place malicious files in unintended directories.

💻 Affected Systems

Products:
  • WordPress File Upload plugin
Versions: All versions up to and including 4.24.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the vulnerable plugin enabled and at least one user with Contributor role or higher.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could upload web shells or malicious scripts to sensitive directories, potentially leading to remote code execution, data theft, or complete site compromise.

🟠 Likely Case

Attackers upload malicious files to accessible directories, potentially defacing websites, distributing malware, or establishing persistence for further attacks.

🟢 If Mitigated

With proper file type restrictions and directory permissions, impact is limited to uploading allowed file types to unintended locations.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access with at least Contributor privileges. The vulnerability is in the 'uploadpath' parameter of the wordpress_file_upload shortcode.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.24.8 and later

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3118456%40wp-file-upload&new=3118456%40wp-file-upload

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'WordPress File Upload' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 4.24.8+ from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable vulnerable shortcode (applies to: all)

Remove or disable the wordpress_file_upload shortcode from posts/pages.

Restrict user roles (applies to: all)

Temporarily remove Contributor role access or limit who can create/edit posts.

🧯 If You Can't Patch

  • Implement strict file upload restrictions in web server configuration
  • Monitor file upload directories for unexpected files and implement file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for WordPress File Upload version. If version is 4.24.7 or lower, you are vulnerable.

Check Version:

wp plugin list --name=wp-file-upload --field=version

Verify Fix Applied:

After updating, verify plugin version shows 4.24.8 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to non-standard directories
  • Multiple failed upload attempts with directory traversal patterns

Network Indicators:

  • POST requests to upload endpoints with 'uploadpath' parameter containing '../' sequences

SIEM Query:

source="wordpress.log" AND "uploadpath" AND ("../" OR "..\\")
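As an added example (not part of this advisory or of the plugin's code), the following Python detector applies the network indicator above to constructed access-log lines: it pulls the 'uploadpath' value out of each request, strips repeated layers of percent-encoding so that encoded and double-encoded '../' and '..\' forms are caught, and reports the requesting user and IP. The admin-ajax.php endpoint and the parameter appearing in the query string are assumptions for the demo.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-log lines, not real traffic. The endpoint and
# the 'uploadpath' query parameter are assumptions for this demo; real POST
# bodies are absent from access logs and need WAF or application logging.
SAMPLE_LOG = """\
203.0.113.10 - editor [12/Jun/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?uploadpath=uploads%2Fwfu HTTP/1.1" 200 512
203.0.113.11 - contrib [12/Jun/2024:10:01:09 +0000] "POST /wp-admin/admin-ajax.php?uploadpath=..%2F..%2F..%2Fwp-content HTTP/1.1" 200 512
203.0.113.12 - contrib [12/Jun/2024:10:01:15 +0000] "POST /wp-admin/admin-ajax.php?uploadpath=%252e%252e%252fplugins HTTP/1.1" 200 512
203.0.113.13 - contrib [12/Jun/2024:10:01:21 +0000] "POST /wp-admin/admin-ajax.php?uploadpath=..%5C..%5Cthemes HTTP/1.1" 200 512
203.0.113.14 - viewer [12/Jun/2024:10:02:00 +0000] "GET /sample-page/ HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# A '..' path segment delimited by / or \ (or sitting at either end of the value).
TRAVERSAL_RE = re.compile(r'(^|[/\\])\.\.([/\\]|$)')

def fully_decode(value, max_rounds=3):
    """Strip up to max_rounds layers of percent-encoding so that
    double-encoded forms such as %252e%252e%252f are still caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(upload_path):
    """True if the decoded uploadpath value contains a '..' segment."""
    return bool(TRAVERSAL_RE.search(fully_decode(upload_path)))

def scan_log(log_text):
    """Return one record per request whose uploadpath parameter traverses."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs removes one encoding layer; fully_decode handles the rest.
        params = parse_qs(urlsplit(m['uri']).query, keep_blank_values=True)
        for raw in params.get('uploadpath', []):
            if is_traversal(raw):
                hits.append({'ip': m['ip'], 'user': m['user'],
                             'time': m['ts'], 'uploadpath': fully_decode(raw)})
    return hits
```

Calling scan_log(SAMPLE_LOG) flags the three contrib requests and leaves the plain uploads/wfu upload alone; point it at a real access log to get the same per-user, per-IP records.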
