{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-47645", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-09-30T11:17:02.622Z", "datePublished": "2024-10-16T13:35:10.142Z", "dateUpdated": "2026-04-28T16:10:20.911Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wpoptin", "product": "Top Bar \u2013 PopUps \u2013 by WPOptin", "vendor": "Danish Ali Malik", "versions": [{"changes": [{"at": "2.0.2", "status": "unaffected"}], "lessThanOrEqual": "2.0.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "tahu.datar | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:27:58.480Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows PHP Local File Inclusion.<p>This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through <= 2.0.1.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through <= 2.0.1."}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "PHP Local File Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:10:20.911Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wpoptin/vulnerability/wordpress-wpoptin-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve"}], "title": "WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability"}, "adp": [{"affected": [{"vendor": "sajidjaved", "product": "top_bar-popups-by_wpoptin", "cpes": ["cpe:2.3:a:sajidjaved:top_bar-popups-by_wpoptin:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-16T15:27:47.676330Z", "id": "CVE-2024-47645", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-16T15:29:14.545Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47645", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-16T15:27:47.676330Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sajidjaved:top_bar-popups-by_wpoptin:*:*:*:*:*:*:*:*"], "vendor": "sajidjaved", "product": "top_bar-popups-by_wpoptin", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.0.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-16T15:29:10.145Z"}}], "cna": {"title": "WordPress WPOptin plugin <= 2.0.1 - Local File Inclusion vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "tahu.datar (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-252", "descriptions": [{"lang": "en", "value": "CAPEC-252 PHP Local File Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Sajid Javed", "product": "Top Bar \u2013 PopUps \u2013 by WPOptin", "versions": [{"status": "affected", "changes": [{"at": "2.0.2", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.0.1"}], "packageName": "wpoptin", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 2.0.2 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 2.0.2 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/wpoptin/wordpress-wpoptin-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar \u2013 PopUps \u2013 by WPOptin allows PHP Local File Inclusion.This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through 2.0.1.", "supportingMedia": [{"type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sajid Javed Top Bar \u2013 PopUps \u2013 by WPOptin allows PHP Local File Inclusion.<p>This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through 2.0.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-10-16T13:35:10.142Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47645", "state": "PUBLISHED", "dateUpdated": "2024-10-16T15:29:14.545Z", "dateReserved": "2024-09-30T11:17:02.622Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-10-16T13:35:10.142Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Danish Ali Malik Top Bar \u2013 PopUps \u2013 by WPOptin wpoptin allows PHP Local File Inclusion.This issue affects Top Bar \u2013 PopUps \u2013 by WPOptin: from n/a through <= 2.0.1."}, {"lang": "es", "value": "La vulnerabilidad de limitaci\u00f3n incorrecta de una ruta a un directorio restringido ('Path Traversal') en Sajid Javed Top Bar \u2013 PopUps \u2013 de WPOptin permite la inclusi\u00f3n de archivos locales en PHP. Este problema afecta a Top Bar \u2013 PopUps \u2013 de WPOptin: desde n/a hasta 2.0.1."}], "id": "CVE-2024-47645", "lastModified": "2026-04-23T15:19:24.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-10-16T14:15:06.407", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wpoptin/vulnerability/wordpress-wpoptin-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}