Lucene search

CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload

🗓️ 27 Jun 2024 02:00:03Reported by WordfenceType

Auto Featured Image plugin for WordPress allows Contributor+ users to upload arbitrary files, leading to potential remote code executio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Patchstack	WordPress Auto Featured Image Plugin <= 1.2 is vulnerable to Arbitrary File Upload	26 Jun 202400:00	–	patchstack
CVE	CVE-2024-6054	27 Jun 202403:15	–	cve
Vulnrichment	CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload	27 Jun 202402:03	–	vulnrichment
NVD	CVE-2024-6054	27 Jun 202403:15	–	nvd
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 24, 2024 to June 30, 2024)	3 Jul 202415:31	–	wordfence

[
  {
    "vendor": "ka-yue",
    "product": "Auto Featured Image",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/4d1512c2-75c1-405b-8bb4-f42ec69159a7
plugins	www.plugins.trac.wordpress.org/browser/auto-featured-image/tags/1.2/auto-featured-image.php

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Jun 2024 02:03Current

CVSS38.8

EPSS0.02352