CVE-2024-12152

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
07/01/2025
Last modified:
07/01/2025

Description

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.