CVE-2024-11265

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 23, 2024
CWE ID 200

Summary

CVE-2024-11265 is a vulnerability affecting the Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress. In all versions up to 1.1.3, this plugin is susceptible to Full Path Disclosure. Authenticated attackers with author-level permissions or higher can exploit this vulnerability by triggering image upload error messages, which reveal the full path of the web application. This information, while not harmful on its own, can be used in conjunction with other vulnerabilities to cause damage to an affected website.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share