8.8
CVE-2024-5630
- EPSS 1.13%
- Veröffentlicht 15.07.2024 06:15:01
- Zuletzt bearbeitet 21.11.2024 09:48:03
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginInsert or Embed Articulate Content into WordPress <= 4.3000000023 - Authenticated (Author+) Arbitrary File Upload
The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.
Mögliche Gegenmaßnahme
Insert or Embed Articulate Content into WordPress: Update to version 4.3000000024, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Insert or Embed Articulate Content into WordPress
Version
*-4.3000000023
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elearningfreak ≫ Insert Or Embed Articulate Content SwPlatformwordpress Version < 4.3000000024
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.777 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.