Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2024-51169 | The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content. |
Mon, 27 Jan 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Sat, 25 Jan 2025 07:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versions up to, and including, 10.4.66. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary folders on the server and all their content. | |
| Title | Connections Business Directory <= 10.4.66 - Authenticated (Admin+) Arbitrary Directory Deletion | |
| Weaknesses | CWE-22 | |
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-04-08T16:42:30.940Z
Reserved: 2024-12-20T22:37:11.424Z
Link: CVE-2024-12885
Updated: 2025-01-27T15:37:07.262Z
Status : Deferred
Published: 2025-01-25T08:15:08.633
Modified: 2026-06-17T07:00:42.177
Link: CVE-2024-12885
No data.
OpenCVE Enrichment
No data.
EUVD