CVE-2024-5599

HIGH EPSS 40.3%

Published Jun 7, 20242y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Jun 7, 2024 2y ago

Last Modified Jun 17, 2026 1w ago

Description

The FileOrganizer – Manage WordPress and Website Files plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.7 via the 'fileorganizer_ajax_handler' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive information if the files have been moved to the built-in Trash folder.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

40.3% percentile

Exploit & Patch Status

No Known Exploit

Patch Available

Weaknesses 1

CWE-922

Affected Products 1

Vendor	Product	Version	Range
fileorganizer	fileorganizer	*	<1.0.8

References 3

plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/fileorganizer/trunk/main/ajax.php#L85

Product
plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/3098763/

Patch
wordfence.com https://www.wordfence.com/threat-intel/vulnerabilities/id/78e7b65d-91f8-477e-b992-3148c1b65d7b?source=cve

Third Party Advisory

Remediation

plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset/3098763/

Patch