8 matches found
WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload
The Keydatas plugin for WordPress known in Chinese as "简数采集器" is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatasdownloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server —...
CVE-2024-6220
The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 CVSS score: 10.0, impacts all versions of the plugin prior to version 3.14.2,...
Over 8,000 Exploit Attempts Already Blocked For Recently Patched Unauthenticated Arbitrary File Upload Vulnerability in 简数采集器 (Keydatas) WordPress Plugin
On June 18th, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Unauthenticated Arbitrary File Upload vulnerability in 简数采集器 Keydatas, a WordPress plugin with more than 5,000 active installations. This vulnerability makes it possible for...
CVE-2024-6220
creationtimestamp| type| source ---|---|--- 2024-07-17 10:41:45+00:00| seen| https://t.me/cvedetector/1064 2024-08-01 10:18:47+00:00| exploited| https://t.me/HackingInsights/8275 2025-12-03 08:31:16+00:00| confirmed|...
CVE-2024-6220 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload
The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...
CVE-2024-6220
CVE-2024-6220: WordPress Keydatas plugin (≤ 2.5.2) – Arbitrary file upload . Unauthenticated attackers can upload arbitrary files via missing file-type validation in the keydatas_downloadImages function, potentially enabling remote code execution and full site compromise. Affected product is the ...
WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload
Software Keydatas Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...