65 matches found
CVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...
WordPress User Extra Fields plugin <= 16.6 - Unauthenticated Arbitrary File Deletion vulnerability
Unauthenticated Arbitrary File Deletion vulnerability discovered by Chloe Chamberland in WordPress Plugin User Extra Fields versions = 16.6...
WordPress User Extra Fields plugin <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation vulnerability
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions = 16.6...
CVE-2024-11150
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...
CVE-2024-11150
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...
CVE-2024-10800
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajaxsavefields function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to ad...
CVE-2024-10800
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajaxsavefields function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to ad...
CVE-2024-11150
CVE-2024-11150 affects WordPress User Extra Fields (WordPress plugin). The issue is an unauthenticated arbitrary file deletion vulnerability caused by insufficient file path validation in delete_tmp_uploaded_file() across all versions up to and including 16.6. This could allow an unauthenticated ...
CVE-2024-11150 WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...
CVE-2024-11150 WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...
CVE-2024-10800 WordPress User Extra Fields <= 16.6 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajaxsavefields function in all versions up to, and including, 16.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to ad...
CVE-2024-10800
CVE-2024-10800 : WordPress User Extra Fields plugin (
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...
WordPress plugin User Extra Fields 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A path traversal vulnerability exis...
PT-2024-16790 · WordPress · Wordpress User Extra Fields
Name of the Vulnerable Software and Affected Versions: WordPress User Extra Fields plugin versions up to, and including, 16.6 Description: The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete tmp...
WordPress plugin User Extra Fields 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...
CVE-2024-10801
The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajaxmanagefilechunkupload function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on...
CVE-2024-10801
CVE-2024-10801 affects the WordPress plugin User Extra Fields . The vulnerability stems from missing file type validation in the ajax_manage_file_chunk_upload() function across all versions up to 16.5. This allows unauthenticated attackers to upload arbitrary files to the affected site, with the ...
WordPress User Extra Fields plugin <= 16.5 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin User Extra Fields versions = 16.5...