How severe is CVE-2024-2654?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-2654?

This is classified as CWE-35, which is a common weakness in software security.

CVE-2024-2654 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

The File Manager plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 7.2.5 via the fm_download_backup function. This makes it possible for authenticated attackers, with administrator access and above, to read the contents of arbitrary zip files on the server, which can contain sensitive information.

Related Vulnerabilities

CVE-2025-24907

MEDIUM

CVSS:6.8(Medium)

Overview The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that...

CWE-352025

CVE-2025-24908

MEDIUM

CVSS:6.8(Medium)

CWE-352025

CVE-2025-26876

MEDIUM

CVSS:6.8(Medium)

Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.

CWE-352025

CVE-2023-41793

MEDIUM

CVSS:6.7(Medium)

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. Thi...

CWE-352023

CVE-2021-1355

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021

CVE-2021-1357

MEDIUM

CVSS:6.5(Medium)

Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on ...

CWE-352021