VYPR
Medium severity (5.0) · NVD Advisory · Published Jun 25, 2024 · Updated Apr 15, 2026

CVE-2024-32111

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal. This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6, from 6.0 through 6.0.8, from 5.9 through 5.9.9, from 5.8 through 5.8.9, from 5.7 through 5.7.11, from 5.6 through 5.6.13, from 5.5 through 5.5.14, from 5.4 through 5.4.15, from 5.3 through 5.3.17, from 5.2 through 5.2.20, from 5.1 through 5.1.18, from 5.0 through 5.0.21, from 4.9 through 4.9.25, from 4.8 through 4.8.24, from 4.7 through 4.7.28, from 4.6 through 4.6.28, from 4.5 through 4.5.31, from 4.4 through 4.4.32, from 4.3 through 4.3.33, from 4.2 through 4.2.37, from 4.1 through 4.1.40.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

WordPress versions 4.1 through 6.5.4 on Windows are vulnerable to a path traversal attack, allowing authenticated contributors to read arbitrary HTML files.

Vulnerability

Description

CVE-2024-32111 is a path traversal vulnerability in WordPress, affecting installations running on Windows operating systems. The issue stems from improper input validation when handling file paths, specifically within the HTML file reading functionality accessible to users with Contributor-level access. This flaw allows an attacker to use relative path traversal sequences (e.g., ../) to break out of the intended directory and access files outside the allowed scope [1][2].

Exploitation

Prerequisites and Method

To exploit this vulnerability, an attacker must have a Contributor role or higher on a WordPress site hosted on Windows. The attack is performed by sending a crafted request that includes path traversal characters in a parameter used to read HTML files. No other authentication or network position is required beyond the Contributor account. The vulnerability is specific to the way WordPress handles file paths on Windows, where backslashes and drive letters may be interpreted differently than on Unix-based systems [1][2].

Impact

A successful exploit allows the attacker to read arbitrary HTML files from the server's file system. This could include sensitive configuration files, templates, or other HTML files containing secrets such as database credentials or API keys, leading to further compromise of the site or server. The vulnerability does not allow arbitrary file write or code execution directly, but the information disclosure can be a significant stepping stone for more severe attacks [2].

Mitigation and Status

The vulnerability has been patched in WordPress version 6.5.5, released on June 25, 2024. Users are strongly advised to update their sites immediately, as this is a security release also addressing other vulnerabilities. For sites that cannot be updated, no official workaround is provided, but given the Windows-only nature, hosting providers may implement server-level restrictions to mitigate the risk [1][2].
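The narrative above notes that the flaw is specific to how file paths are handled on Windows, where backslashes and drive letters are interpreted differently than on Unix. The following is an added example, not WordPress's own code or its 6.5.5 patch, showing why a check that only rejects the POSIX token "../" is insufficient on Windows and how a containment check that normalizes with the target platform's path rules closes that gap. The allowed directory, the file names and the use of Python's ntpath module (so Windows semantics apply even when run on a POSIX host) are all constructed for the demonstration.

```python
import ntpath
from typing import Optional

# Constructed allowed directory: an absolute Windows path to the only
# directory the application may read HTML files from (assumption).
ALLOWED_DIR = r"C:\inetpub\wwwroot\wp-content\themes\example"


def naive_is_safe(user_path: str) -> bool:
    """Weak check: rejects only the POSIX traversal token '../'.

    On Windows the separator may be a backslash and a path may carry a
    drive letter, so inputs that still escape the directory pass this test.
    """
    return "../" not in user_path


def resolve_within(base_dir: str, user_path: str, path_module=ntpath) -> Optional[str]:
    """Hardened check: normalize with the target platform's rules, then verify
    the resolved path is still inside base_dir.

    Returns the normalized, case-folded absolute path when it is contained,
    otherwise None. path_module defaults to ntpath so the check evaluates
    Windows semantics regardless of the host OS (constructed choice).
    """
    # The caller is supposed to pass a path relative to base_dir, so reject
    # anything absolute, rooted, or carrying a drive letter up front.
    if path_module.isabs(user_path) or path_module.splitdrive(user_path)[0]:
        return None
    # normpath converts '/' to '\', collapses '.' and '..' components;
    # normcase lowercases, since NTFS paths are case-insensitive.
    base = path_module.normcase(path_module.normpath(base_dir))
    candidate = path_module.normcase(
        path_module.normpath(path_module.join(base_dir, user_path))
    )
    # Compare against base + separator so a sibling directory that merely
    # shares the prefix (e.g. '...\example-other') is not accepted.
    if candidate == base or candidate.startswith(base + path_module.sep):
        return candidate
    return None


def compare_checks(user_path: str) -> dict:
    """Run both checks on one input so the difference is visible side by side."""
    return {
        "input": user_path,
        "naive_accepts": naive_is_safe(user_path),
        "hardened_resolves_to": resolve_within(ALLOWED_DIR, user_path),
    }


if __name__ == "__main__":
    # Constructed inputs: two legitimate relative paths, then several forms
    # that a Unix-only check handles inconsistently on Windows.
    for sample in [
        "page.html",
        r"sub\page.html",
        "../secret.html",
        r"..\secret.html",
        r"C:\other\file.html",
        r"\other\file.html",
        r"..\example-other\x.html",
    ]:
        print(compare_checks(sample))
```

The key design point is that containment is decided on the resolved path, not on the raw input: stripping or searching for a particular traversal token is a denylist, and the set of tokens differs by platform, whereas "does the normalized result still sit under the allowed directory" holds on every platform as long as the normalization matches the filesystem actually serving the request.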

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (No patches discovered yet.)

Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.

References: 2

News mentions: 0 (No linked articles in our index yet.)