Cyber Resilience

CVE-2024-50508

High

Published: 30 October 2024

Modified: 23 April 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2627 (96.4th percentile)
Risk Priority: 31 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50508 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-50508 is a path traversal vulnerability, tracked as CWE-22, that affects the Woocommerce Product Design plugin for WordPress. The flaw exists in all versions through 1.0.0 and carries a CVSS 3.1 score of 7.5, reflecting network-accessible exploitation with no required credentials or user interaction and a high impact on confidentiality.

An unauthenticated attacker can supply crafted path sequences to the vulnerable plugin endpoint, enabling arbitrary file reads from the underlying server filesystem and potential disclosure of sensitive configuration or data files.

The Patchstack advisory at the referenced URL classifies the issue as an arbitrary file download vulnerability and provides the canonical tracking entry for the affected plugin versions.

The associated EPSS score sits at 0.2627 with no material increase from its initial value.

Vulnerability details

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.
