CVE-2024-8699

Exploit

EPSS 0.2%
Published 15.05.2025 20:15:59
Last modified 28.05.2025 15:42:01
Source contact@wpscan.com
Teams watchlist Login
Open Login

The Z-Downloads WordPress plugin before 1.11.5 does not properly validate files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Affected products Warnungen 0 Metrics 2 CWE 0 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Urbanbase ≫ Z-downloads SwPlatformwordpress Version < 1.11.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.2%	0.426

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

https://wpscan.com/vulnerability/9013351e-224f-4696-970f-eb843dc8dace/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-8699

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8699

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8699

EUVD