
4 matches found

BDU FSTEC
added 2022/10/26 12:0 a.m. | 1 views

The vulnerability of the Imagements image loading plugin in the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the Imagements image loading plugin in the WordPress content management system involves unrestricted upload of dangerous files when processing the Content-Type header in requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 10 | AI score 8.1 | EPSS 0.74128
Exploits 2 | References 4 | Affected Software 1
OSV
added 2021/05/06 1:15 p.m. | 1 views

CVE-2021-24236

The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename...

CVSS 9.8 | AI score 5.9
Exploits 0 | References 1
CNNVD
added 2021/05/06 12:0 a.m. | 5 views

WordPress Code Issue Vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability in the WordPress plugin Imagements version 1.2.5 and earlier versions allow...

CVSS 9.8 | AI score 8.5 | EPSS 0.74128
Exploits 2 | References 1
wpexploit
added 2021/04/08 12:0 a.m. | 155 views

Imagements <= 1.2.5 - Unauthenticated Arbitrary File Upload to RCE

The Imagements WordPress plugin, versions <= 1.2.5, allowed images to be uploaded in comments, however, only checked for the Content-Type HTTP header for validation, which can be tampered with. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type head...

CVSS 7.5 | AI score 1.6 | EPSS 0.74128
Exploits 2 | References 1