Home

Description

The EKC Tournament Manager WordPress plugin before 2.2.2 allows a logged in admin to download system files outside of the WordPress directory

PUBLISHED Reserved 2024-10-09 | Published 2025-05-15 | Updated 2025-05-16 | Assigner WPScan

Problem types

CWE-552 Files or Directories Accessible to External Parties

Product status

Default status
unaffected

Any version before 2.2.2
affected

Credits

Vuln Seeker Cybersecurity Team finder

WPScan coordinator

References

wpscan.com/...rability/c86157b0-43f3-4e82-9697-7dd9401b48d6/ exploit vdb-entry technical-description

cve.org (CVE-2024-9765)

nvd.nist.gov (CVE-2024-9765)

Download JSON