Vulnerability Description
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://themeforest.net/item/envolve-consulting-business-wordpress-theme/2874845
- https://www.wordfence.com/threat-intel/vulnerabilities/id/05909e9c-4f57-4556-bae
FAQ
What is CVE-2024-11615?
CVE-2024-11615 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. Thi...
How severe is CVE-2024-11615?
CVE-2024-11615 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-11615?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.