Ver todas as ameaças

CVE-2024-11150

Alvo: Não informado

Descrição

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-11150
Tags
Nâo informado
Data de publicação
13/11/2024
Última atualização
20/11/2024
Pontuação em CVSS 3.0
9.8
Crítico
Rolar para cima