Lucene search
WPScanVULNRICHMENT:CVE-2024-3112HistoryJul 12, 2024 - 6:00 a.m.
CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload
2024-07-1206:00:05
WPScan
github.com
2
cve-2024-3112
quotes and tips
admin+ arbitrary
file upload
bestwebsoft
wordpress plugin
multisite
AI Score
6.8
Confidence
High
EPSS
0
Percentile
14.5%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:bestwebsoft:quotes_and_tips:*:*:*:*:*:wordpress:*:*"
],
"vendor": "bestwebsoft",
"product": "quotes_and_tips",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.45",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
cvelist
cvelist
CVE-2024-3112 Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload
2024-07-12 06:00:05
nvd
nvd
CVE-2024-3112
2024-07-12 06:15:03
cve
cve
CVE-2024-3112
2024-07-12 06:15:03
AI Score
6.8
Confidence
High
EPSS
0
Percentile
14.5%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-3112