Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GHSA-7fmf-f9xm-8gm4] The WHMpress - WHMCS WordPress Integration Plugin plugin... #5322

Closed
wants to merge 1 commit into from
Closed

[GHSA-7fmf-f9xm-8gm4] The WHMpress - WHMCS WordPress Integration Plugin plugin... #5322

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 22 additions & 5 deletions advisories/unreviewed/2025/02/GHSA-7fmf-f9xm-8gm4/GHSA-7fmf-f9xm-8gm4.json
View file
Original file line number Diff line number Diff line change
@@ -1,19 +1,32 @@
{
"schema_version": "1.4.0",
"id": "GHSA-7fmf-f9xm-8gm4",
"modified": "2025-02-28T09:30:55Z",
"modified": "2025-02-28T09:31:05Z",
"published": "2025-02-28T09:30:55Z",
"aliases": [
"CVE-2024-9193"
],
"summary": "Deleted",
"details": "The WHMpress - WHMCS WordPress Integration Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 6.3-revision-0 via the whmpress_domain_search_ajax_extended_results() function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. Utilizing the /admin/services.php file, this can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.",
"severity": [
"severity": [],
"affected": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
"package": {
"ecosystem": "GitHub Actions",
"name": ""
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
]
}
],
"affected": [],
"references": [
{
"type": "ADVISORY",
@@ -26,6 +39,10 @@
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f3b0e75-d2f0-48b7-ba33-75c4e998030e?source=cve"
},
{
"type": "PACKAGE",
"url": "All"
}
],
"database_specific": {
Loading
Oops, something went wrong.