CVE-2024-3934

The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663
https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php
https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve

Configurations

No configuration.

History

No history.

Information

Published : 2024-07-20 04:15

Updated : 2024-07-22 13:00

NVD link : CVE-2024-3934

Mitre link : CVE-2024-3934

CVE.ORG link : CVE-2024-3934

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-3934", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-20T04:15:03.150", "references": [{"url": "https://plugins.trac.wordpress.org/browser/woocommerce-mercadopago/trunk/src/Admin/Settings.php#L663", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3098023/woocommerce-mercadopago/trunk/src/IO/Downloader.php?old=3078706&old_path=woocommerce-mercadopago%2Ftrunk%2Fsrc%2FIO%2FDownloader.php", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset/3119214/woocommerce-mercadopago/tags/7.6.2/src/IO/Downloader.php?old=3108278&old_path=woocommerce-mercadopago%2Ftags%2F7.6.1%2Fsrc%2FIO%2FDownloader.php", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1674e81e-6a75-436c-b219-8ec0a484a134?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in versions 7.3.0 to 7.5.1 via the mercadopagoDownloadLog function. This makes it possible for authenticated attackers, with subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information. The arbitrary file download was patched in 7.5.1, while the missing authorization was corrected in version 7.6.2."}, {"lang": "es", "value": "El complemento Mercado Pago payments for WooCommerce para WordPress es vulnerable a Path Traversal en las versiones 7.3.0 a 7.5.1 a trav\u00e9s de la funci\u00f3n mercadopagoDownloadLog. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, descarguen y lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial. La descarga de archivos arbitrarios fue parcheada en la versi\u00f3n 7.5.1, mientras que la autorizaci\u00f3n faltante se corrigi\u00f3 en la versi\u00f3n 7.6.2."}], "lastModified": "2024-07-22T13:00:53.287", "sourceIdentifier": "security@wordfence.com"}