
6 matches found

RedhatCVE
added 2025/02/05 2:58 a.m. · 2 views

CVE-2024-6314

The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'processimageupload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 · AI score 8 · EPSS 0.13294
Exploits: 0 · References: 1
NVD
added 2024/07/09 8:15 a.m. · 20 views

CVE-2024-6314

The IQ Testimonials plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'processimageupload' function in versions up to, and including, 2.2.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVSS 9.8 · EPSS 0.13294
Exploits: 0 · References: 2
CVE
added 2024/07/09 7:38 a.m. · 49 views

CVE-2024-6314

CVE-2024-6314 affects the IQ Testimonials WordPress plugin. The Red Hat and Wordfence entries describe a vulnerability in process_image_upload that allows unauthenticated arbitrary file uploads in versions up to and including 2.2.7 due to insufficient file type validation. The impact is high: if ...

CVSS 9.8 · AI score 9.9 · EPSS 0.13294
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-37535 · WordPress · Testimonials

Name of the Vulnerable Software and Affected Versions: IQ Testimonials plugin for WordPress versions up to, and including, 2.2.7
Description: The issue is related to insufficient file type validation in the process image upload function, allowing unauthenticated attackers to upload arbitrary file...

CVSS 9.8 · AI score 8.2 · EPSS 0.13294
Exploits: 0 · References: 7
CNNVD
added 2024/07/09 12:0 a.m. · 3 views

WordPress plugin IQ Testimonials security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exis...

CVSS 9.8 · AI score 6.7 · EPSS 0.13294
Exploits: 0 · References: 3
Patchstack
added 2024/07/09 12:0 a.m. · 8 views

WordPress IQ Testimonials Plugin <= 2.2.7 is vulnerable to Arbitrary File Upload

Software: IQ Testimonials · Type: Plugin · Vulnerable versions: = 2.2.7 · Fixed in: N/A · OWASP Top 10: A1: Injection · Classification: Arbitrary File Upload · CVE: CVE-2024-6314 · Patch priority: High · CVSS severity: High 9 · Developer: Claim ownership · PSID: 8b1a4c014222 · Credits: István Márton · Required privilege...

CVSS 9.8 · AI score 6.8 · EPSS 0.13294
Exploits: 0 · References: 2 · Affected Software: 1