Vulners
Lucene search
CVE-2024-7627
ποΈΒ 05 Sep 2024Β 02:04:24Reported byΒ WordfenceTypeΒ 
Β cveπΒ web.nvd.nist.govπΒ 81Β Viewsπ WEB
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Exploit for Code Injection in Bitapps File_Manager | 8 Jan 202502:32 | β | githubexploit |
| Exploit for Code Injection in Bitapps File_Manager | 4 Oct 202514:38 | β | githubexploit |
 | CVE-2024-7627 | 5 Sep 202406:19 | β | circl |
 | WordPress plugin Bit File Manager 代η 注ε ₯ζΌζ΄ | 5 Sep 202400:00 | β | cnnvd |
 | CVE-2024-7627 Bit File Manager 6.0 - 6.5.5 - Unauthenticated Remote Code Execution via Race Condition | 5 Sep 202402:04 | β | cvelist |
 | CVE-2024-7627 | 5 Sep 202403:15 | β | nvd |
 | CVE-2024-7627 | 5 Sep 202403:15 | β | osv |
 | WordPress Bit File Manager 6.5.5 Race Condition / Code Injection | 12 Mar 202500:00 | β | packetstorm |
 | WordPress Bit File Manager 6.5.5 Race Condition / Remote Code Execution | 11 Feb 202500:00 | β | packetstormnews |
 | WordPress Bit File Manager Plugin 6.0-6.5.5 is vulnerable to Arbitrary File Upload | 4 Sep 202400:00 | β | patchstack |
10
Node
[
{
"vendor": "bitpressadmin",
"product": "Bit File Manager β 100% Free & Open Source File Manager and Code Editor for WordPress",
"versions": [
{
"version": "6.0",
"status": "affected",
"lessThanOrEqual": "6.5.5",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| action | request body | wp-admin/admin-ajax.php | ElFinder AJAX endpoint used to trigger the race-condition file edit and inject payload. | CWE-362,Β CWE-94 |
| nonce | request body | wp-admin/admin-ajax.php | ElFinder AJAX endpoint used to trigger the race-condition file edit and inject payload. | CWE-362,Β CWE-94 |
| cmd | request body | wp-admin/admin-ajax.php | ElFinder AJAX endpoint used to trigger the race-condition file edit and inject payload. | CWE-362,Β CWE-94 |
| target | request body | wp-admin/admin-ajax.php | ElFinder AJAX endpoint used to trigger the race-condition file edit and inject payload. | CWE-362,Β CWE-94 |
| content | request body | wp-admin/admin-ajax.php | ElFinder AJAX endpoint used to trigger the race-condition file edit and inject payload. | CWE-362,Β CWE-94 |
Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 08:20Current
8.3High risk
Vulners AI Score8.3
CVSS 3.18.1
EPSS0.02802
SSVC