How severe is CVE-2024-12066?

CVE-2024-12066 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-12066

8.8HIGH

The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and includ

Published: 12/21/2024Updated: 12/21/2024

Description

The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

AI AnalysisPowered by AI

References

https://plugins.trac.wordpress.org/browser/smsa-shipping-official/trunk/smsa-express-shipping.php#L235
https://www.wordfence.com/threat-intel/vulnerabilities/id/29d72347-ba49-45c6-a964-2c75064ac866?source=cve