CVE-2024-13117: Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal

Description

The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded

Classification

CVE ID: CVE-2024-13117

Affected Products

Vendor: Unknown

Product: Social Share Buttons for WordPress

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-25 (when was this score calculated)

References

https://wpscan.com/vulnerability/3234cdac-f328-4f1e-a1de-31fbd86aefb9/

Timeline

2025-01-28 00:30:20 UTC
CVE

Social Share Buttons for WordPress <= 2.7 - Unauthenticated Image Upload & Path Traversal