CVE-2024-11270

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 8, 2025
CWE ID 862

Summary

CVE-2024-11270 is a vulnerability in the WebinarPress plugin for WordPress. It is caused by a missing capability check on the 'sync-import-imgs' function combined with insufficient file type validation. As a result, authenticated attackers with subscriber-level access or above can create arbitrary files, potentially leading to remote code execution. WordPress sites running the plugin in versions up to and including 1.33.24 are affected.
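The two controls the summary names as missing, shown in a hardened WordPress AJAX image-import handler. This is an added example, not WebinarPress code or its patch; the hook name, nonce action, function name and 'url' parameter are hypothetical.

```php
<?php
// Added example. 'example_import_img', its nonce action and the 'url'
// parameter are hypothetical names, not taken from the plugin.
add_action( 'wp_ajax_example_import_img', 'example_import_img' );

function example_import_img() {
    // CSRF: reject requests that do not carry a valid nonce.
    check_ajax_referer( 'example_import_img', 'nonce' );

    // Authorization (the CWE-862 gap): wp_ajax_* hooks fire for any logged-in
    // user, subscribers included, so the capability must be checked explicitly.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $url = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';
    if ( '' === $url ) {
        wp_send_json_error( 'missing url', 400 );
    }

    // File type, step 1: allow-list the extension before fetching anything.
    $allowed = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' );
    $name    = sanitize_file_name( wp_basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );
    $type    = wp_check_filetype( $name, $allowed );
    if ( ! $type['ext'] ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // Fetch to a temporary file outside the web-served uploads tree.
    $tmp = download_url( $url, 10 );
    if ( is_wp_error( $tmp ) ) {
        wp_send_json_error( 'download failed', 502 );
    }

    // File type, step 2: the content must really be the image type the
    // extension claims; a renamed script fails this check.
    if ( wp_get_image_mime( $tmp ) !== $type['type'] ) {
        wp_delete_file( $tmp );
        wp_send_json_error( 'content does not match extension', 415 );
    }

    // Store under a server-chosen unique name inside the uploads directory.
    $uploads = wp_upload_dir();
    $dest    = trailingslashit( $uploads['path'] ) . wp_unique_filename( $uploads['path'], $name );
    rename( $tmp, $dest );
    wp_send_json_success( array( 'file' => wp_basename( $dest ) ) );
}
```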
