CVE-2024-7135

MEDIUM

Tainacan <= 0.21.7 - Authenticated Arbitrary File Read via Missing Authorization in get_file Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-7135. PoCs published by RandomRobbieBF, Boshe99, Nxploited.

AI-analyzed exploit summary This PoC exploits an authenticated arbitrary file read vulnerability in the Tainacan WordPress plugin (CVE-2024-7135) via directory traversal and missing authorization checks. It logs in as a WordPress user and reads arbitrary files by abusing the 'get_file' function.

Description

The Tainacan plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_file' function in all versions up to, and including, 0.21.7. The function is also vulnerable to directory traversal. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Exploits (3)

nomisec WORKING POC 1 stars
by RandomRobbieBF · poc
https://github.com/RandomRobbieBF/CVE-2024-7135

This PoC exploits an authenticated arbitrary file read vulnerability in the Tainacan WordPress plugin (CVE-2024-7135) via directory traversal and missing authorization checks. It logs in as a WordPress user and reads arbitrary files by abusing the 'get_file' function.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Tainacan WordPress plugin <= 0.21.7
Auth required
Prerequisites: WordPress with Tainacan plugin <= 0.21.7 · Valid WordPress credentials (Subscriber+ role)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-7135

The repository contains functional exploit code for CVE-2024-7135, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the exploit by uploading a shell file to a vulnerable endpoint.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: Vulnerable WordPress plugin installed · Network access to the target
devstral-2 · analyzed Feb 27, 2026 Full analysis →
nomisec WORKING POC
by Nxploited · poc
https://github.com/Nxploited/CVE-2024-7135

This PoC exploits CVE-2024-7135, an arbitrary file read vulnerability in the Tainacan WordPress plugin (≤0.21.7) due to missing capability checks and directory traversal. It authenticates as a WordPress user, extracts a nonce, and reads arbitrary files via a crafted API request.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: WordPress Tainacan plugin ≤0.21.7
Auth required
Prerequisites: Valid WordPress credentials (Subscriber-level or higher) · Tainacan plugin installed and activated
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.5
EPSS 0.0269
EPSS Percentile 83.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (2)
tainacan/Tainacan < 0.21.7
tainacan/tainacan < 0.21.8
Published Jul 31, 2024
Tracked Since Feb 18, 2026