This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Essence**: Path Traversal in 'PDF Generator Addon for Elementor'. **Consequences**: Attackers can read **arbitrary files** on the server. **Impact**: Sensitive data exposure (config files, source code). **Sever…
**CWE**: CWE-22 (Path Traversal). **Flaw**: The `rtw_pgaepb_dwnld_pdf()` function fails to sanitize input. **Root Cause**: Unchecked user-supplied file paths allow `../` sequences to escape the intended directory.
Q3 Who is affected? (Versions/Components)
**Vendor**: Redefiningtheweb. **Product**: PDF Generator for WordPress Elementor. **Affected**: Versions **1.7.5 and earlier**. **Fixed**: Version 1.7.6+ (implied by 'up to 1.7.5').
Q4 What can hackers do? (Privileges/Data)
**Privileges**: **Unauthenticated**. No login needed. **Data Access**: Read **any file** accessible by the web server. **Risk**: Extract database credentials, `.env` files, or core WordPress code. **Lateral Move…
**Public Exploits**: **YES**. **PoCs**: Available on GitHub (RandomRobbieBF, verylazytech, Nxploited). **Automated**: Nuclei templates exist for mass scanning. **Status**: Active exploitation is trivial.
Q7 How to self-check? (Features/Scanning)
**Check**: Send GET request to `/?rtw_generate_pdf=true&rtw_pdf_file=../../../etc/passwd`. **Scan**: Use Nuclei template `CVE-2024-9935.yaml`. **Visual**: If server returns file content, you are vulnerable. **To…
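For reviewing past traffic, the request shape from the self-check can be searched for in web server access logs. The script below is an added example, not part of the original analysis or the plugin: it assumes combined-format access logs, its function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Nov/2024:10:00:01 +0000] "GET /?rtw_generate_pdf=true&rtw_pdf_file=../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/8.0"
203.0.113.9 - - [10/Nov/2024:10:00:07 +0000] "GET /?rtw_generate_pdf=true&rtw_pdf_file=%252e%252e%252fwp-config.php HTTP/1.1" 200 3120 "-" "scanner"
198.51.100.7 - - [10/Nov/2024:10:01:12 +0000] "GET /?rtw_generate_pdf=true&rtw_pdf_file=invoice-42.pdf HTTP/1.1" 200 52011 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Nov/2024:10:02:30 +0000] "GET /blog/?s=../notes HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so a double-encoded ../ is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(path_value):
    """True when the value climbs out of its directory or is an absolute path."""
    normalized = fully_decode(path_value).replace("\\", "/")
    return normalized.startswith("/") or ".." in normalized.split("/")

def find_suspicious(log_text):
    """Return (client_ip, status, decoded_file) for each traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        params = parse_qs(urlsplit(target).query)  # decodes one layer
        if "rtw_generate_pdf" not in params:
            continue  # not a request to the plugin's PDF download handler
        for value in params.get("rtw_pdf_file", []):
            if is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 only shows that the request was served; compare the logged response size against the named file before concluding that its content was disclosed.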