CVE-2024-47324: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability (CVE-2024-47324) was discovered in the WP Timeline – Vertical and Horizontal timeline WordPress plugin affecting versions up to 3.6.7. The vulnerability was reported by researcher Bonds and publicly disclosed on September 25, 2024 (Patchstack).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue that allows PHP Local File Inclusion. It has been assigned a CVSS v3.1 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (Patchstack).

This vulnerability could allow a malicious actor to include local files of the target website and display their contents. Particularly sensitive files containing credentials, such as database configuration files, could potentially be exposed, leading to complete database compromise depending on the server configuration (Patchstack).

Users are advised to update to version 3.6.8 or later of the WP Timeline plugin to remediate this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).