Lucene search
K

8 matches found

Nuclei
Nuclei
added 10 hours ago12 views

WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload

The Keydatas plugin for WordPress known in Chinese as "简数采集器" is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatasdownloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server —...

9.8CVSS6.3AI score0.35708EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 2:55 a.m.13 views

CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS8AI score0.35708EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/08/21 4:35 a.m.139 views

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 CVSS score: 10.0, impacts all versions of the plugin prior to version 3.14.2,...

10CVSS8.6AI score0.74283EPSS
Exploits11
Wordfence Blog
Wordfence Blog
added 2024/07/31 4:34 p.m.31 views

Over 8,000 Exploit Attempts Already Blocked For Recently Patched Unauthenticated Arbitrary File Upload Vulnerability in 简数采集器 (Keydatas) WordPress Plugin

On June 18th, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Unauthenticated Arbitrary File Upload vulnerability in 简数采集器 Keydatas, a WordPress plugin with more than 5,000 active installations. This vulnerability makes it possible for...

9.8CVSS8.2AI score0.35708EPSS
Exploits0
Circl
Circl
added 2024/07/17 10:41 a.m.14 views

CVE-2024-6220

creationtimestamp| type| source ---|---|--- 2024-07-17 10:41:45+00:00| seen| https://t.me/cvedetector/1064 2024-08-01 10:18:47+00:00| exploited| https://t.me/HackingInsights/8275 2025-12-03 08:31:16+00:00| confirmed|...

9.8CVSS6AI score0.35708EPSS
In wildExploits0References7
Vulnrichment
Vulnrichment
added 2024/07/17 7:32 a.m.28 views

CVE-2024-6220 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

9.8CVSS8.3AI score0.35708EPSS
Exploits0References3
CVE
CVE
added 2024/07/17 7:32 a.m.97 views

CVE-2024-6220

CVE-2024-6220: WordPress Keydatas plugin (≤ 2.5.2) – Arbitrary file upload . Unauthenticated attackers can upload arbitrary files via missing file-type validation in the keydatas_downloadImages function, potentially enabling remote code execution and full site compromise. Affected product is the ...

9.8CVSS9.9AI score0.35708EPSS
In wildExploits0References3Affected Software1
Patchstack
Patchstack
added 2024/07/17 12:0 a.m.23 views

WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload

Software Keydatas Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...

9.8CVSS6.9AI score0.35708EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder