CVE-2024-6315

creationtimestamp| type| source ---|---|--- 2024-08-06 04:58:10+00:00| seen| https://t.me/cvedetector/2516...

CVE-2024-6315 Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload

The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVE-2024-6315 Blox Page Builder <= 1.0.65 - Authenticated (Contributor+) Arbitrary File Upload

The Blox Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handleUploadFile' function in all versions up to, and including, 1.0.65. This makes it possible for authenticated attackers, with contributor-level and above permissions,...

CVE-2024-6315

CVE-2024-6315 concerns Blox Page Builder for WordPress. The vulnerability stems from missing file-type validation in the handleUploadFile function across versions up to 1.0.65, enabling authenticated users with contributor+ permissions to upload arbitrary files to the server; this could enable re...

WordPress Blox Page Builder Plugin <= 1.0.65 is vulnerable to Arbitrary File Upload

Software Blox Page Builder Type Plugin Vulnerable versions = 1.0.65 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6315 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID ffdf8c3e90d1 Credits István Márton Required privilege...