exploitDog

CVE-2024-0757

Опубликовано: 04 июн. 2024

Источник: nvd

CVSS3: 5.4

EPSS Средний

Описание

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files

Ссылки

https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:elearningfreak:insert_or_embed_articulate_content:*:*:*:*:*:wordpress:*:*

Версия до 4.3000000023 (включая)

EPSS

Процентиль: 98%

0.59072

Средний

5.4 Medium

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-2p44-rc6w-2rvw

CVSS3: 5.4

github

больше 1 года назад

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files

EPSS

Процентиль: 98%

0.59072

Средний

5.4 Medium

CVSS3

Дефекты

CWE-434