20 matches found
CVE-2024-6486
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...
CVE-2024-6486
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...
CVE-2024-6486 ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...
CVE-2024-6486 ImageMagick Engine < 1.7.11 - Administrator+ OS Command Injection
The ImageMagick Engine ImageMagick Engine WordPress plugin before 1.7.11 for WordPress is vulnerable to OS Command Injection via the "clipath" parameter. This allows authenticated attackers, with administrator-level permission to execute arbitrary OS commands on the server leading to remote code...
PT-2025-21483 · WordPress · Imagemagick Engine
Name of the Vulnerable Software and Affected Versions: ImageMagick Engine WordPress plugin versions prior to 1.7.11 Description: The issue allows authenticated attackers with administrator-level permission to execute arbitrary OS commands on the server, leading to remote code execution. This is...
WordPress plugin ImageMagick Engine 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
Remote code execution
The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site...
WordPress Plugin ImageMagick Engine Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-12753 · WordPress · Imagemagick Engine
Name of the Vulnerable Software and Affected Versions: ImageMagick Engine plugin for WordPress versions up to, and including 1.7.5 Description: The issue allows for remote code execution via the cli path parameter. This enables unauthenticated users to run arbitrary commands, potentially leading ...
CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
CVE-2022-3568
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
Deserialization of untrusted data
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
CVE-2022-3568 ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
CVE-2022-3568 ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...
WordPress ImageMagick Engine plugin <= 1.7.6 - Auth. Remote Code Execution (RCE) vulnerability
Auth. Remote Code Execution RCE vulnerability discovered by ABDO10 in WordPress ImageMagick Engine plugin versions = 1.7.6. Solution No patched version is available. Version 1.7.6 only added a nonce token to fix the CSRF vulnerability...
ImageMagick-Engine < 1.7.6 - Command Injection via CSRF
The plugin is missing CSRF checks in multiple actions, which could allow attackers to make a logged in admin perform unwanted actions. In this case, it could lead to RCE via Command Injection https://example.com/wp-admin/admin-ajax.php?action=imetestimpath&clipath=payload...
Wordpress ImageMagick-Engine 1.7.4 Plugin - Remote Code Execution (Authenticated) Exploit
Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...
Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...
WordPress ImageMagick-Engine 1.7.4 Remote Code Execution
Exploit Title: Wordpress Plugin ImageMagick-Engine 1.7.4 - Remote Code Execution RCE Authenticated Google Dork: inurl:"/wp-content/plugins/imagemagick-engine/" Date: Thursday, September 1, 2022 Exploit Author: ABDO10 Vendor Homepage: https://wordpress.org/plugins/imagemagick-engine/ Software Link...