VYPR
Medium severity6.5NVD Advisory· Published Oct 1, 2024· Updated Jun 17, 2026

CVE-2024-9224

CVE-2024-9224

Description

The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:kau-boys:hello_world:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:kau-boys:hello_world:*:*:*:*:*:wordpress:*:*range: <2.2.0
    • (no CPE)range: <=2.1.1
  • WordPress/Hello Worldwp-canonicalize

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.