CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-10857

The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.4%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2024-10857

Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.0.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.0.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.0.1

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.0.1
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.1

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.1
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.2

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.2
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.3

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.3
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.4

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.4
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.5

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.5
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.6

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.6
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.7

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.7
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.8

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.8
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.1.9

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.1.9
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.10.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.10.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.11.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.11.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.12.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.12.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.12.1

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.12.1
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.12.2

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.12.2
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.13.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.13.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.1

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.1
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.2

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.2
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.3

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.3
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.4

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.4
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.5

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.5
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.6

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.6
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.2.7.

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.2.7.
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.3.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.3.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.3.1

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.3.1
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.3.2

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.3.2
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.4.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.4.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.5.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.5.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.6.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.6.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.7.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.7.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.8.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.8.0
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.8.1.

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.8.1.
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.8.2

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.8.2
Tychesoftwares » Product Input Fields For Woocommerce » Version: 1.9.0

cpe:2.3:a:tychesoftwares:product_input_fields_for_woocommerce:1.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-10857

Products

Pricing

Contact Us