exploitDog

CVE-2024-8673

Опубликовано: 15 мая 2025

Источник: nvd

CVSS3: 9.1

EPSS Низкий

Описание

The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.

Ссылки

https://wpscan.com/vulnerability/fed2cd26-7ccb-419d-b589-978410953bf4/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/fed2cd26-7ccb-419d-b589-978410953bf4/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:urbanbase:z-downloads:*:*:*:*:*:wordpress:*:*

Версия до 1.11.7 (исключая)

EPSS

Процентиль: 89%

0.04479

Низкий

9.1 Critical

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-m87q-2m67-hxxh

CVSS3: 9.1

github

9 месяцев назад

The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript.

EPSS

Процентиль: 89%

0.04479

Низкий

9.1 Critical

CVSS3

Дефекты

NVD-CWE-noinfo