How severe is CVE-2024-10857?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-10857?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2024-10857 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Related Vulnerabilities

CVE-2021-1355

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1357

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2023-21416

MEDIUM

CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the ove...

CWE-352023

CVE-2023-39916

MEDIUM

CVSS:6.5(Medium)

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the cont...

CWE-352023

CVE-2023-5885

MEDIUM

CVSS:6.5(Medium)

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.

CWE-352023

CVE-2024-12087

MEDIUM

CVSS:6.5(Medium)

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even i...

CWE-352024