CVE-2024-0757 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Author+ Upload to RCE

2024-06-0406:00:02

WPScan

www.cve.org

cve-2024-0757

articulate content

wordpress

rce

file extensions

zip files

AI Score

9.5

Confidence

High

EPSS

Percentile

9.0%

JSON

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Insert or Embed Articulate Content into WordPress",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "4.3000000023"
      }
    ],
    "defaultStatus": "affected"
  }
]