WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload

The Keydatas plugin for WordPress known in Chinese as "简数采集器" is vulnerable to unrestricted file uploads due to missing file-type validation in the keydatasdownloadImages function in all versions up to and including 2.5.2. An unauthenticated attacker can upload arbitrary files to the server —...

WordPress 简数采集器 plugin <= 2.6.3 - Authenticated (Admin+) Arbitrary File Read vulnerability

Authenticated Admin+ Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Keydatas versions = 2.6.3...

Over 8,000 Exploit Attempts Already Blocked For Recently Patched Unauthenticated Arbitrary File Upload Vulnerability in 简数采集器 (Keydatas) WordPress Plugin

On June 18th, 2024, during the 0-day Threat Hunt Promo of our Bug Bounty Program, we received a submission for an Unauthenticated Arbitrary File Upload vulnerability in 简数采集器 Keydatas, a WordPress plugin with more than 5,000 active installations. This vulnerability makes it possible for...

CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2024-6220

CVE-2024-6220: WordPress Keydatas plugin (≤ 2.5.2) – Arbitrary file upload . Unauthenticated attackers can upload arbitrary files via missing file-type validation in the keydatas_downloadImages function, potentially enabling remote code execution and full site compromise. Affected product is the ...

EUVD-2024-47354

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2024-6220 简数采集器 (Keydatas) <= 2.5.2 - Unauthenticated Arbitrary File Upload

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

WordPres Keydatas plugin <= 2.5.2 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Keydatas versions = 2.5.2...

PT-2024-37462

Name of the Vulnerable Software and Affected Versions: Keydatas plugin for WordPress versions up to, and including, 2.5.2 Description: The issue is related to arbitrary file uploads due to missing file type validation in the keydatas downloadImages function. This allows unauthenticated attackers ...

WordPress Keydatas Plugin <= 2.5.2 is vulnerable to Arbitrary File Upload

Software Keydatas Type Plugin Vulnerable versions = 2.5.2 Fixed in 2.6.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6220 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 1095cb679b31 Credits Foxyyy Required privilege Unauthenticated...

VulnCheck KEV: CVE-2024-6220

The 简数采集器 Keydatas plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the keydatasdownloadImages function in all versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...