3 matches found
CVE-2024-4389
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher...
CVE-2024-4389
CVE-2024-4389 affects Slider & Carousel Slider (Depicter) for WordPress; all versions up to 3.1.1 permit arbitrary file uploads due to missing file type validation in uploadFile, enabling authenticated users with Contributor+ access to upload files and potentially achieve remote code execution. T...
WordPress Depicter Slider Plugin <= 3.1.1 is vulnerable to Arbitrary File Upload
Software Depicter Slider Type Plugin Vulnerable versions = 3.1.1 Fixed in 3.1.2 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-4389 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 73585a151085 Credits Arkadiusz Hydzik Required privilege...