CVE-2024-5637: CWE-862 Missing Authorization in vanyukov Market Exporter
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.
AI Analysis
Technical Summary
CVE-2024-5637 is a missing authorization vulnerability in the Market Exporter WordPress plugin by vanyukov. The issue arises from the lack of a capability check on the 'remove_files' function, enabling authenticated users with minimal privileges (Subscriber-level and above) to delete arbitrary files on the server via path traversal. This vulnerability affects all versions up to and including 2.0.19. The CVSS 3.1 base score is 7.5, indicating high severity due to the potential for denial of service or disruption of availability. No patch or official fix has been documented in the provided data.
Potential Impact
Exploitation of this vulnerability allows an authenticated attacker with Subscriber-level access or higher to delete arbitrary files on the server hosting the WordPress site. This can lead to denial of service or disruption of the website's availability. There is no indication of confidentiality or integrity impact. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user roles to trusted individuals only and monitor for suspicious activity related to file deletion. Avoid granting Subscriber-level or higher access to untrusted users. Review and harden file permissions on the server to limit the impact of potential file deletions.
CVE-2024-5637: CWE-862 Missing Authorization in vanyukov Market Exporter
Description
The Market Exporter plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'remove_files' function in all versions up to, and including, 2.0.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to use path traversal to delete arbitrary files on the server.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-5637 is a missing authorization vulnerability in the Market Exporter WordPress plugin by vanyukov. The issue arises from the lack of a capability check on the 'remove_files' function, enabling authenticated users with minimal privileges (Subscriber-level and above) to delete arbitrary files on the server via path traversal. This vulnerability affects all versions up to and including 2.0.19. The CVSS 3.1 base score is 7.5, indicating high severity due to the potential for denial of service or disruption of availability. No patch or official fix has been documented in the provided data.
Potential Impact
Exploitation of this vulnerability allows an authenticated attacker with Subscriber-level access or higher to delete arbitrary files on the server hosting the WordPress site. This can lead to denial of service or disruption of the website's availability. There is no indication of confidentiality or integrity impact. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user roles to trusted individuals only and monitor for suspicious activity related to file deletion. Avoid granting Subscriber-level or higher access to untrusted users. Review and harden file permissions on the server to limit the impact of potential file deletions.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-06-04T15:22:44.778Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6bedb7ef31ef0b55cacb
Added to database: 2/25/2026, 9:38:53 PM
Last enriched: 4/9/2026, 7:58:25 AM
Last updated: 4/12/2026, 5:10:40 PM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.