CVE-2024-10586 in Debug Tool Plugininformação

Sumário

de MITRE • 09/11/2024

The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservar

31/10/2024

Divulgação

09/11/2024

Moderação

aceite

Entrada

VDB-283547

CPE

pronto

EPSS

0.02085

KEV

não

Atividades

muito baixo

Fontes

Do you know our Splunk app?

Download it now for free!