CVE-2024-9765: EKC Tournament Manager < 2.2.2 - Local File Download Vulnerability
6.5
CVSS
Description
The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory
Classification
CVE ID: CVE-2024-9765
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Problem Types
CWE-552 Files or Directories Accessible to External PartiesAffected Products
Vendor: Unknown
Product: EKC Tournament Manager
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 8.49% (scored less or equal to compared to others)
EPSS Date: 2025-06-07 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-9765https://wpscan.com/vulnerability/c86157b0-43f3-4e82-9697-7dd9401b48d6/