CVE-2024-10011

HIGH

BuddyPress <14.1.0 - Path Traversal

Title source: llm

Description

The BuddyPress plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 14.1.0 via the id parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory and enables file uploads to directories outside of the web root. Depending on server configuration it may be possible to upload files with double extensions.

References (5)

Core 5

Core References

Release Notes

https://codex.buddypress.org/releases/version-14-2-1/

Product

https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1270

Product

https://github.com/buddypress/buddypress/blob/master/src/bp-core/bp-core-avatars.php#L1370

View Writeup ZIP pw:eip

Product

https://plugins.trac.wordpress.org/changeset/3173924/buddypress/trunk/bp-core/bp-core-avatars.php?contextall=1&old=3102524&old_path=%2Fbuddypress%2Ftrunk%2Fbp-core%2Fbp-core-avatars.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/4327f414-64f4-4193-a5c0-2a5ecdd75e11?source=cve

Scores

CVSS v3 8.1

EPSS 0.0091

EPSS Percentile 55.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-22

Status published

Products (2)

buddypress/buddypress < 14.1.0

buddypress/BuddyPress < 14.1.0

Published Oct 25, 2024

Tracked Since Feb 18, 2026