CVE-2024-50508
Published: 30 October 2024
Summary
CVE-2024-50508 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, it is ranked in the top 3.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-50508 is a path traversal vulnerability, tracked as CWE-22, that affects the Woocommerce Product Design plugin for WordPress. The flaw exists in all versions through 1.0.0 and carries a CVSS 3.1 score of 7.5, reflecting network-accessible exploitation with no required credentials or user interaction and a high impact on confidentiality.
An unauthenticated attacker can supply crafted path sequences to the vulnerable plugin endpoint, enabling arbitrary file reads from the underlying server filesystem and potential disclosure of sensitive configuration or data files.
The Patchstack advisory at the referenced URL classifies the issue as an arbitrary file download vulnerability and provides the canonical tracking entry for the affected plugin versions.
The associated EPSS score sits at 0.2627 with no material increase from its initial value.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-44931
Vulnerability details
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.