Lucene search
K

4 matches found

NVD
NVD
added 2024/07/09 8:15 a.m.11 views

CVE-2024-6161

The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'getcacheimage' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above...

8.8CVSS0.00786EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/09 7:38 a.m.280 views

CVE-2024-6161 Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload

The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'getcacheimage' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above...

8.8CVSS0.00786EPSS
Exploits0References2
CVE
CVE
added 2024/07/09 7:38 a.m.44 views

CVE-2024-6161

CVE-2024-6161 affects the Default Thumbnail Plus WordPress plugin. The vulnerability stems from missing file type validation in the get_cache_image function, affecting all versions up to 1.0.2.3. This allows authenticated attackers with contributor-level (or higher) permissions to upload arbitrar...

8.8CVSS8.9AI score0.00786EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/09 12:0 a.m.8 views

WordPress Default Thumbnail Plus Plugin <= 1.0.2.3 is vulnerable to Arbitrary File Upload

Software Default Thumbnail Plus Type Plugin Vulnerable versions = 1.0.2.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6161 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID ab5c2abdfe96 Credits István Márton Required...

8.8CVSS6.8AI score0.00786EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder