3 matches found
CVE-2024-13720
creationtimestamp| type| source ---|---|--- 2025-01-30 14:17:35+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgxofak4jv27 2025-01-30 15:32:05+00:00| seen| https://infosec.exchange/users/cve/statuses/113918025705481072 2025-01-30 16:46:22+00:00| seen|...
CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...
CVE-2024-13720 WP Image Uploader <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gkyimageuploadermainfunction function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on...