Lucene search
WPScanCVELIST:CVE-2024-6366HistoryJul 29, 2024 - 6:00 a.m.
CVE-2024-6366 User Profile Builder < 3.11.8 - Unauthenticated Media Upload
2024-07-2906:00:08
WPScan
www.cve.org
5
user profile builder
unauthenticated
media upload
wordpress
cve-2024-6366
EPSS
0.001
Percentile
21.8%
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
CNA Affected
[
{
"vendor": "Unknown",
"product": "User Profile Builder",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.11.8"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-6366
2024-07-29 06:15:02
nuclei
nuclei
User Profile Builder < 3.11.8 - File Upload
2024-07-29 17:07:32
vulnrichment
vulnrichment
CVE-2024-6366 User Profile Builder < 3.11.8 - Unauthenticated Media Upload
2024-07-29 06:00:08
githubexploit
githubexploit
Exploit for CVE-2024-6366
2024-08-03 10:30:49
cve
cve
CVE-2024-6366
2024-07-29 06:15:02
wordfence
wordfence