The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
History

Mon, 24 Feb 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apuswp
Apuswp campress
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:apuswp:campress:*:*:*:*:*:*:*:*
Vendors & Products Apuswp
Apuswp campress

Thu, 13 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Feb 2025 04:45:00 +0000

Type Values Removed Values Added
Description The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included.
Title Campress <= 1.35 - Unauthenticated Local File Inclusion
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2025-02-13T14:34:06.218Z

Reserved: 2024-11-04T07:42:54.390Z

Link: CVE-2024-10763

cve-icon Vulnrichment

Updated: 2025-02-13T14:33:58.974Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-13T05:15:12.943

Modified: 2025-02-24T16:41:26.690

Link: CVE-2024-10763

cve-icon Redhat

No data.