CVE-2024-7626

The WP Delicious Recipe Plugin for Food Bloggers formerly Delicious

Publication date: 2024-09-11

Last updated on: 2024-09-25

Description

The WP Delicious Recipe Plugin for Food Bloggers formerly Delicious Recipes plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details function in all versions up to, and including, 1.6.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved such as wp-config.php. This can also lead to the reading of arbitrary files that may contain sensitive information like wp-config.php.

CVSS Scores

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Third Party Advisory
Product
Product
Patch

Exploitability

CWE ID	Description
NVD-CWE-Other

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

Meta Information

Date published:

2024-09-11

Date last modified:

2024-09-25

Date generated:

2025-01-15

NVD report:

CVE-2024-7626