5 matches found
CVE-2024-6756
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...
CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...
CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload
The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...
CVE-2024-6756
The CVE-2024-6756 entry concerns the WordPress plugin Social Auto Poster. Affected versions up to 5.3.14 allow arbitrary file uploads due to missing file-type validation in wpw_auto_poster_get_image_path, enabling authenticated users with Contributor+ permissions to place arbitrary files on the s...
WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload
Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6756 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 10970b4a81a6 Credits István Márton Required privileg...