Lucene search
PatchstackCVELIST:CVE-2024-31377HistoryMay 13, 2024 - 9:06 a.m.
CVE-2024-31377 WordPress WP Photo Album Plus plugin <= 8.7.01.001 - Unauth. Arbitrary File Upload vulnerability
2024-05-1309:06:21
CWE-434
Patchstack
www.cve.org
1
cve-2024-31377
wordpress
unauthenticated upload
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Unrestricted Upload of File with Dangerous Type vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus.This issue affects WP Photo Album Plus: from n/a through 8.7.01.001.
CNA Affected
[
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-photo-album-plus",
"product": "WP Photo Album Plus",
"vendor": "J.N. Breetvelt a.k.a. OpaJaap",
"versions": [
{
"changes": [
{
"at": "8.7.01.002",
"status": "unaffected"
}
],
"lessThanOrEqual": "8.7.01.001",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2024-31377
2024-05-14 15:25:08
nvd
nvd
CVE-2024-31377
2024-05-14 15:25:08
wpvulndb
wpvulndb
WP Photo Album Plus < 8.7.01.002 - Unauthenticated Arbitrary File Upload
2024-05-16 00:00:00
wordfence
wordfence
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for CVELIST:CVE-2024-31377