CVE-2024-11952

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 4, 2024
CWE ID 22

Summary

CVE-2024-11952 is a vulnerability affecting the Classic Addons – WPBakery Page Builder plugin for WordPress. It allows authenticated attackers with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary PHP files on Windows servers. This vulnerability, which impacts all versions up to and including 3.0, can result in bypassing access controls, obtaining sensitive data, or achieving code execution. The issue is limited to PHP files, posing a significant risk in environments where images and other "safe" file types can be uploaded and included.
