4 matches found
CVE-2024-6161
The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'getcacheimage' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above...
CVE-2024-6161 Default Thumbnail Plus <= 1.0.2.3 - Authenticated (Contributor+) Arbitrary File Upload
The Default Thumbnail Plus plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'getcacheimage' function in all versions up to, and including, 1.0.2.3. This makes it possible for authenticated attackers, with contributor-level and above...
CVE-2024-6161
CVE-2024-6161 affects the Default Thumbnail Plus WordPress plugin. The vulnerability stems from missing file type validation in the get_cache_image function, affecting all versions up to 1.0.2.3. This allows authenticated attackers with contributor-level (or higher) permissions to upload arbitrar...
WordPress Default Thumbnail Plus Plugin <= 1.0.2.3 is vulnerable to Arbitrary File Upload
Software Default Thumbnail Plus Type Plugin Vulnerable versions = 1.0.2.3 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6161 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID ab5c2abdfe96 Credits István Márton Required...