Intrusion PreventionWordPress.WP.File.Upload.wfu_file_downloader.Path.Traversal
Description
This indicates an attack attempt to exploit a Path Traversal Vulnerability in WordPress WP File Upload Plugin.
The vulnerability is due to insufficient validation of user-supplied inputs. An attacker can exploit this vulnerability by sending a maliciously crafted request to the vulnerable application. Successfully exploiting this vulnerability could result in the disclosure of sensitive information.
Outbreak Alert
FortiGuard’s global sensor network report consistently high levels of attack attempts targeting vulnerabilities associated with Earth Lamia APT campaigns. According to Trend Research, the hacking group known as Earth Lamia has been actively targeting a range of sectors- including finance, government, IT, logistics, retail, and education- shifting its focus based on evolving objectives and time periods. The group is known for its high level of activity and primarily exploits known vulnerabilities in public-facing systems and web applications to gain access.
Affected Products
WordPress WP File Upload Plugin prior to 4.24.12
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://en-ca.wordpress.org/plugins/wp-file-upload/
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 57080 |
| Created | Jan 06, 2025 |
| Updated | Feb 11, 2026 |
| CVE ID | |
| Tags | Earth Lamia APT Attack |
| Risk |
|
| Exploit Prediction Score | 93.62% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |
| Profile Type | Path Traversal |