High severity7.5NVD Advisory· Published Jan 8, 2025· Updated Apr 8, 2026
CVE-2024-9939
CVE-2024-9939
Description
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*Range: <4.24.14
- Range: <=4.24.13
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.