Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Vulnerability DatabaseCVE-2024-13117
CVE-2024-13117:
WordPress vulnerability analysis and mitigation
Overview
The Social Share Buttons for WordPress plugin through version 2.7 contains a vulnerability that allows unauthenticated users to upload arbitrary images and modify the upload path. This vulnerability was discovered and reported on January 6, 2025, and is tracked as CVE-2024-13117 (WPScan).
Technical details
The vulnerability is classified as a path traversal issue and falls under the OWASP Top 10 category A1: Injection. It has been assigned a CVSS 3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N (NVD).
Impact
The vulnerability allows unauthorized users to upload arbitrary images to the WordPress installation and manipulate the upload path, potentially leading to unauthorized file storage and path traversal issues on the web server (WPScan).
Mitigation and workarounds
Currently, there is no known fix available for this vulnerability. Users of the Social Share Buttons for WordPress plugin should consider either removing the plugin or implementing additional security controls to restrict access to the upload functionality (WPScan).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
Ready to see Wiz in action?
“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management