cleantalk
Vulnerabilities and Security Researches

WP Hide & Security Enhancer, CVE-2024-11585

CVE, Research URL

CVE-2024-11585

Home page URL

Security reports for WP Hide & Security Enhancer

Application

WP Hide & Security Enhancer

Published on
Dec 06, 2024
Research Description
The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss.
Affected versions
Min -, max 2.5.2.
Status
vulnerable
Previous vulnerability researches
WP Hide & Security Enhancer (CVE-2022-2538) , Jun 06, 2024
WP Hide & Security Enhancer (5009dd48981ca7065310dbd9f6cb04bd5738c06b) , Jun 06, 2024
WP Hide & Security Enhancer (CVE-2024-11585) , Dec 07, 2024
New vulnerability
The Plus Addons for Elementor (CVE-2025-49076) , Jun 06, 2025
WP Pipes (CVE-2025-48267) , Jun 06, 2025
Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, (CVE-2025-5292) , Jun 06, 2025
Newsletters (CVE-2025-4857) , Jun 06, 2025
Royal Elementor Addons and Templates (CVE-2025-3813) , Jun 06, 2025