Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:23 a.m.7 views

CVE-2024-12854

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

8.8CVSS7.8AI score0.00817EPSS
Exploits0References1
Circl
Circl
added 2025/01/08 9:19 a.m.5 views

CVE-2024-12854

creationtimestamp| type| source ---|---|--- 2025-01-08 09:19:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113791990278283510 2025-01-08 10:12:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/688 2025-01-08 10:15:26+00:00| seen|...

8.8CVSS8.7AI score0.00817EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/01/08 9:18 a.m.10 views

CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload

The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...

8.8CVSS7.8AI score0.00817EPSS
Exploits0References2
CVE
CVE
added 2025/01/08 9:18 a.m.51 views

CVE-2024-12854

CVE-2024-12854 concerns Garden Gnome Package (WordPress) where all versions up to 2.3.0 are vulnerable due to missing file type validation when extracting uploaded ggpkgs. This enables an attacker with Author+ privileges to upload arbitrary files to the server, with potential remote code executio...

8.8CVSS9.1AI score0.00817EPSS
Exploits0References2
Rows per page
Query Builder