CVE-2024-6132

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexelsfspimagesoptionsvalidate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level a...

CVE-2024-6132 Pexels: Free Stock Photos <= 1.2.2 - Authenticated (Contributor+) Arbitrary File Upload

The Pexels: Free Stock Photos plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'pexelsfspimagesoptionsvalidate' function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with contributor-level a...

CVE-2024-6132

CVE-2024-6132 affects Pexels: Free Stock Photos, a WordPress plugin vulnerable to arbitrary file upload due to missing file type validation in pexels_fsp_images_options_validate. Versions up to and including 1.2.2 are affected. Exploitation requires authenticated access at contributor level or hi...

WordPress Pexels: Free Stock Photos Plugin <= 1.2.2 is vulnerable to Arbitrary File Upload

Software Pexels: Free Stock Photos Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6132 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 042650894638 Credits István Márton Required...