Lucene search
+L

5 matches found

OSV
OSV
added 2024/07/24 3:15 a.m.9 views

CVE-2024-6756

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...

8.8CVSS6.5AI score0.00786EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/07/24 2:33 a.m.38 views

CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...

8.8CVSS0.00786EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/24 2:33 a.m.24 views

CVE-2024-6756 Social Auto Poster <= 5.3.14 - Authenticated (Contributor+) Arbitrary File Upload

The Social Auto Poster plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpwautopostergetimagepath' function in all versions up to, and including, 5.3.14. This makes it possible for authenticated attackers, with Contributor-level and above...

8.8CVSS7.6AI score0.00786EPSS
Exploits0References2
CVE
CVE
added 2024/07/24 2:33 a.m.58 views

CVE-2024-6756

The CVE-2024-6756 entry concerns the WordPress plugin Social Auto Poster. Affected versions up to 5.3.14 allow arbitrary file uploads due to missing file-type validation in wpw_auto_poster_get_image_path, enabling authenticated users with Contributor+ permissions to place arbitrary files on the s...

8.8CVSS6.4AI score0.00786EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/07/24 12:0 a.m.21 views

WordPress Social Auto Poster Plugin <= 5.3.14 is vulnerable to Arbitrary File Upload

Software Social Auto Poster Type Plugin Vulnerable versions = 5.3.14 Fixed in 5.3.15 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6756 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 10970b4a81a6 Credits István Márton Required privileg...

8.8CVSS6.8AI score0.00786EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder