漏洞描述
WordPress File Upload插件是一款WordPress网站的实用插件,它允许用户地将文件上传到wp-contents目录, 插件支持自定义字段,同时,它还提供了进度条监视功能,让用户可以实时了解上传进度。WordPress File Upload 插件在 <= 4.24.11 版本中,wfu_file_downloader.php 文件存在任意文件读取漏洞。攻击者可以通过构造恶意请求读取服务器上的任意文件,可能导致敏感信息泄露或进一步的攻击。
WordPress File Upload 插件 /wfu_file_downloader.php 文件读取漏洞(CVE-2024-9047)
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-29137: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
- POC CVE-2025-46349: YesWiki Reflected XSS via File Upload
- POC wordpress-meta-box-fpd: WordPress Meta Box - Full Path Disclosure
- POC wp-add-search-to-menu-fpd: WordPress Ivory Search - Full Path Disclosure
- POC wp-advanced-iframe-fpd: WordPress Advanced iFrame - Full Path Disclosure
- POC wp-advanced-responsive-video-embedder-fpd: WordPress Advanced Responsive Video Embedder - Full Path Disclosure
- POC wp-ajax-load-more-anything-fpd: WordPress Load More Anything - Full Path Disclosure
- POC wp-ajax-search-lite-fpd: WordPress Ajax Search Lite - Full Path Disclosure
- POC wp-all-in-one-seo-pack-fpd: WordPress All in One SEO Pack - Full Path Disclosure
- POC wp-astra-fpd: WordPress Astra - Full Path Disclosure
- POC wp-better-wp-security-fpd: WordPress Plugin iThemes Security - Full Path Disclosure
- POC wp-call-now-button-fpd: WordPress Call Now Button - Full Path Disclosure
- POC wp-contact-form-7-fpd: WordPress Contact Form 7 - Full Path Disclosure