7 matches found
Exploit for CVE-2024-10629
🛠️ GPX Viewer Exploit CVE-2024-10629 This repository contai...
CVE-2024-10629
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxvfileupload function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-10629
creationtimestamp| type| source ---|---|--- 2024-11-13 02:07:08+00:00| seen| https://infosec.exchange/users/cve/statuses/113473200316308165 2025-03-09 23:53:19+00:00| seen| https://infosec.exchange/users/DarkWebInformer/statuses/114135164423772222 2025-03-09 23:53:23+00:00| seen|...
CVE-2024-10629
CVE-2024-10629 affects the GPX Viewer WordPress plugin (versions up to 2.2.8; later references show 2.2.9 patch). The vulnerability is arbitrary file creation due to missing capability checks and file type validation in gpxv_file_upload(). Authenticated attackers with subscriber-level access or h...
CVE-2024-10629 GPX Viewer <= 2.2.9 - Authenticated (Subscriber+) Arbitrary File Creation
The GPX Viewer plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check and file type validation in the gpxvfileupload function in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with subscriber-level access and...
Exploit for CVE-2024-10629
CVE-2024-10629 GPX Viewer = 2.2.8 - Authenticated Subscri...
WordPress GPX Viewer Plugin <= 2.2.9 is vulnerable to Arbitrary File Upload
Software GPX Viewer Type Plugin Vulnerable versions = 2.2.9 Fixed in 2.2.10 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-10629 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID abb72626a6f6 Credits Francesco Carlucci Required privilege...