2 matches found
CVE-2024-5852 WordPress File Upload <= 4.24.7 - Authenticated (Contributor+) Directory Traversal
The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.24.7 via the 'uploadpath' parameter of the wordpressfileupload shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
WordPress WordPress File Upload Plugin <= 4.24.7 is vulnerable to Directory Traversal
Software WordPress File Upload Type Plugin Vulnerable versions = 4.24.7 Fixed in 4.24.8 OWASP Top 10 A1: Broken Access Control Classification Directory Traversal CVE CVE-2024-5852 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9fcaf7a73db3 Credits Colin Xu Required...