3 matches found
CVE-2024-13707
creationtimestamp| type| source ---|---|--- 2025-01-30 14:17:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxof42fnt2t 2025-01-30 15:32:04+00:00| seen| https://infosec.exchange/users/cve/statuses/113918025675634080 2025-01-30 16:46:21+00:00| seen|...
CVE-2024-13707
CVE-2024-13707 affects the WordPress plugin WP Image Uploader (versions up to 1.0.1). The vulnerability is a Cross-Site Forgery vulnerability caused by missing/incorrect nonce validation in gky_image_uploader_main_function(), enabling unauthenticated attackers to delete arbitrary files via a forg...
CVE-2024-13707 WP Image Uploader <= 1.0.1 - Cross-Site Request Forgery to Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gkyimageuploadermainfunction function. This makes it possible for unauthenticated attackers to delete...