10 matches found
The vulnerability of the Imagements image loading plugin in the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the Imagements image loading plugin in the WordPress content management system involves unrestricted upload of dangerous files when processing the Content-Type header in requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2021-24236
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename...
Cross-site request forgery (CSRF)
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename...
WordPress Code Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability in the WordPress plugin Imagements version 1.2.5 and earlier versions allow...
CVE-2021-24236 Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename...
CVE-2021-24236
CVE-2021-24236 exists in the WordPress Imagements plugin up to version 1.2.5. The vulnerability stems from permissive file validation: the plugin only checks the Content-Type and allows uploading files with a PHP filename and code, enabling unauthenticated arbitrary file uploads and remote co...
WordPress Imagements plugin <= 1.2.5 - Unauthenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability
Unauthenticated Arbitrary File Upload leading to Remote Code Execution (RCE) vulnerability discovered by Jin Huang in WordPress Imagements plugin versions <= 1.2.5. Solution: Plugin closed. Deactivate and delete...
Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE
The Imagements WordPress plugin, versions <= 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...