WordPress Plugin Security Update Advisory (CVE-2024-11613)

Overview

We have released a security update to address a vulnerability in the WordPress File Upload plugin. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2024-11613

WordPress File Upload: versions up to and including 4.24.15

Resolved Vulnerabilities

Remote code execution, arbitrary file read, and arbitrary file deletion, caused by a lack of input validation and by the plugin allowing custom directory paths (CVE-2024-11613)

Vulnerability Patches

Patches for this vulnerability are available in the latest update. Follow the instructions on the sites listed under References to update to the patched version.

CVE-2024-11613

WordPress File Upload: version 4.25.0

References

[1] WordPress File Upload <= 4.24.15 – Unauthenticated Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-file-upload/wordpress-file-upload-42415-unauthenticated-remote-code-execution-arbitrary-file-read-and-arbitrary-file-deletion