Lucene search

[email protected]NVD:CVE-2024-5630

HistoryJul 15, 2024 - 6:15 a.m.

CVE-2024-5630

2024-07-1506:15:01

CWE-434

[email protected]

web.nvd.nist.gov

wordpress

arbitrary files

php shell

cve-2024-5630

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.7%

JSON

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

Affected configurations

Nvd

Node

elearningfreakinsert_or_embed_articulate_contentRange<4.3000000024wordpress

VendorProductVersionCPE
elearningfreakinsert_or_embed_articulate_content*cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
elearningfreak	insert_or_embed_articulate_content	*	cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content::::::wordpress::*

References

wpscan.com/vulnerability/538c875f-4c20-4be0-8098-5bddb7aecff4/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

19.7%

JSON

Related for NVD:CVE-2024-5630

cvelist1 cve1 vulnrichment1 wordfence1