CVE-2024-11270
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jan 8, 2025
CWE ID 862
Summary
CVE-2024-11270 is a vulnerability affecting the WebinarPress plugin for WordPress. This issue arises due to the omission of capability checks on the 'sync-import-imgs' function and inadequate file type validation. As a result, authenticated attackers with subscriber-level access and above can exploit this vulnerability to create arbitrary files, potentially leading to remote code execution. This poses a significant security risk for WordPress websites using this plugin in versions up to and including 1.33.24.