Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 3:11 a.m.7 views

CVE-2024-6054

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'createpostattachmentfromurl' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above...

8.8CVSS7.7AI score0.00793EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/27 2:3 a.m.33 views

CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'createpostattachmentfromurl' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above...

8.8CVSS0.00793EPSS
Exploits0References2
CVE
CVE
added 2024/06/27 2:3 a.m.30 views

CVE-2024-6054

CVE-2024-6054 is an unauthenticated/arbitrary file upload vulnerability in the WordPress plugin Auto Featured Image (

8.8CVSS8.9AI score0.00793EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/26 12:0 a.m.16 views

WordPress Auto Featured Image Plugin <= 1.2 is vulnerable to Arbitrary File Upload

Software Auto Featured Image Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6054 Patch priority Low CVSS severity Low 9.9 Developer Claim ownership PSID 82feedc389d9 Credits István Márton Required privilege Contribut...

8.8CVSS6.9AI score0.00793EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder