4 matches found
CVE-2024-12854
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
CVE-2024-12854
creationtimestamp| type| source ---|---|--- 2025-01-08 09:19:37+00:00| seen| https://infosec.exchange/users/cve/statuses/113791990278283510 2025-01-08 10:12:11+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/688 2025-01-08 10:15:26+00:00| seen|...
CVE-2024-12854 Garden Gnome Package <= 2.3.0 - Authenticated (Author+) Arbitrary File Upload
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated...
CVE-2024-12854
CVE-2024-12854 concerns Garden Gnome Package (WordPress) where all versions up to 2.3.0 are vulnerable due to missing file type validation when extracting uploaded ggpkgs. This enables an attacker with Author+ privileges to upload arbitrary files to the server, with potential remote code executio...