CVE-2024-6318

CVE-2024-6318 affects IMGspider – 图片采集抓取插件 for WordPress. A missing file type validation in upload_img_file allows authenticated attackers (contributor+ required) to upload arbitrary files to the server, with potential remote code execution. The vulnerability exists in versions up to 2.3.10 and h...

WordPress IMGspider Plugin <= 2.3.10 is vulnerable to Arbitrary File Upload

Software IMGspider Type Plugin Vulnerable versions = 2.3.10 Fixed in 2.3.11 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-6319 Patch priority Medium CVSS severity Medium 9.9 Developer Claim ownership PSID 7f35690ce29e Credits István Márton Required privilege...