Vulnerability Details CVE-2024-9224
The Hello World plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 2.1.1 via the hello_world_lyric() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.468
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2024-9224
-
cpe:2.3:a:kau-boys:hello_world:-
-
cpe:2.3:a:kau-boys:hello_world:1.0.0
-
cpe:2.3:a:kau-boys:hello_world:2.0.0
-
cpe:2.3:a:kau-boys:hello_world:2.0.1
-
cpe:2.3:a:kau-boys:hello_world:2.1.0
-
cpe:2.3:a:kau-boys:hello_world:2.1.1