Lucene search
+L

5 matches found

nvd
nvd
added 2024/07/18 9:15 a.m.41 views

CVE-2024-3242

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...

8.8CVSS0.00963EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2024/07/18 8:33 a.m.20 views

CVE-2024-3242 Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...

8.8CVSS7.7AI score0.00963EPSS
Exploits0References5
cvelist
cvelist
added 2024/07/18 8:33 a.m.56 views

CVE-2024-3242 Brizy – Page Builder <= 2.4.44 - Authenticated (Contributor+) Arbitrary File Upload

The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the validateImageContent function called via storeImages in all versions up to, and including, 2.4.43. This makes it possible for authenticated attackers, with...

8.8CVSS0.00963EPSS
Exploits0References5
cve
cve
added 2024/07/18 8:33 a.m.50 views

CVE-2024-3242

CVE-2024-3242 concerns Brizy – Page Builder for WordPress. The issue is an arbitrary file upload vulnerability caused by missing file extension validation in validateImageContent (via storeImages) in all versions up to 2.4.43. This could allow authenticated attackers with contributor+ privileges ...

8.8CVSS8.9AI score0.00963EPSS
Exploits0References5Affected Software1
patchstack
patchstack
added 2024/07/18 12:0 a.m.12 views

WordPress Brizy Plugin <= 2.4.44 is vulnerable to Arbitrary File Upload

Software Brizy Type Plugin Vulnerable versions = 2.4.44 Fixed in 2.4.45 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-3242 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID cefdc004eccb Credits stealthcopter Required privilege Contributor...

8.8CVSS6.8AI score0.00963EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder