vulnrichment / WPScan / VULNRICHMENT:CVE-2024-6366
History: Jul 29, 2024 - 6:00 a.m.

CVE-2024-6366 User Profile Builder < 3.11.8 - Unauthenticated Media Upload

2024-07-29 06:00:08
WPScan
github.com
Tags: wordpress, plugin, cve-2024-6366, user profile builder, unauthenticated, media upload

AI Score: 7.1
Confidence: Low

EPSS: 0.001
Percentile: 21.8%

SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:cozmoslabs:profile_builder:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "cozmoslabs",
    "product": "profile_builder",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.11.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]
