Lucene search

WPScanCVE-2024-5630

HistoryJul 15, 2024 - 6:15 a.m.

CVE-2024-5630

2024-07-1506:15:01

CWE-434

WPScan

web.nvd.nist.gov

wordpress

plugin vulnerability

arbitrary file upload

php shells

cve-2024-5630

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

19.7%

JSON

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

Affected configurations

Nvd

Vulners

Vulnrichment

Node

elearningfreakinsert_or_embed_articulate_contentRange<4.3000000024wordpress

VendorProductVersionCPE
elearningfreakinsert_or_embed_articulate_content*cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
elearningfreak	insert_or_embed_articulate_content	*	cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Insert or Embed Articulate Content into WordPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.3000000024"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/538c875f-4c20-4be0-8098-5bddb7aecff4/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

19.7%

JSON

Related for CVE-2024-5630