5 matches found
CVE-2024-3242
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
CVE-2024-3242 Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
CVE-2024-3242 Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload
The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...
CVE-2024-3242
CVE-2024-3242 concerns Brizy – Page Builder for WordPress. The issue is an arbitrary file upload vulnerability caused by missing file extension validation in validateImageContent (via storeImages) in all versions up to 2.4.43. This could allow authenticated attackers with contributor+ privileges ...
WordPress Brizy Plugin <= 2.4.44 is vulnerable to Arbitrary File Upload
Software Brizy Type Plugin Vulnerable versions = 2.4.44 Fixed in 2.4.45 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3242 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID cefdc004eccb Credits stealthcopter Required privilege Contributor...