CVE-2024-9765

MEDIUM NUCLEI

EKC Tournament Manager <2.2.2 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-9765 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory

Nuclei Templates (1)

EKC Tournament Manager WordPress plugin - Path Traversal
MEDIUMVERIFIEDby Sourabh-Sahu

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/c86157b0-43f3-4e82-9697-7dd9401b48d6/

Scores

CVSS v3 6.5
EPSS 0.0141
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

Status published
Products (1)
lukashuser/ekc_tournament_manager < 2.2.2
Published May 15, 2025
Tracked Since Feb 18, 2026