Vulnerabilities

CVE-2020-24144

July 10, 2021

Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation.

Summary:

Reference Links(if available):

https://ru.wordpress.org/plugins/media-file-organizer/

https://github.com/secwx/research/blob/main/cve/CVE-2020-24144.md

CVSS Score (if available)

v2: / MEDIUM

v3: /

Links to Exploits(if available)

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

November 22, 2024

[QILIN] – Ransomware Victim: Calvert Home Mortgage Investment

November 22, 2024

[QILIN] – Ransomware Victim: LBCO Contracting LTD

November 22, 2024

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

[QILIN] – Ransomware Victim: Calvert Home Mortgage Investment

[QILIN] – Ransomware Victim: LBCO Contracting LTD