vulnerability

WordPress Plugin: visualizer: CVE-2024-45293: Improper Restriction of XML External Entity Reference

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Oct 7, 2024	May 15, 2025	Jun 24, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Oct 7, 2024

Added

May 15, 2025

Modified

Jun 24, 2025

Description

The security scanner that prevents XXE attacks in the XLSX reader can be bypassed by slightly modifying the XML structure, utilizing white spaces. On servers that allow users to upload their own Excel (XLSX) sheets, Server files, and sensitive information can be disclosed by providing a crafted sheet.

Solution

visualizer-plugin-cve-2024-45293

References

URL-https://www.cve.org/CVERecord?id=CVE-2024-45293
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/38f950b7-e3a0-4e05-a8b0-9cc6b6c66b0c?source=api-prod
CVE-2024-45293
https://attackerkb.com/topics/CVE-2024-45293
CWE-611

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today