CVE-2024-11952
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-11952 is a vulnerability affecting the Classic Addons – WPBakery Page Builder plugin for WordPress. It allows authenticated attackers with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary PHP files on Windows servers. This vulnerability, which impacts all versions up to and including 3.0, can result in bypassing access controls, obtaining sensitive data, or achieving code execution. The issue is limited to PHP files, posing a significant risk in environments where images and other "safe" file types can be uploaded and included.
Affected Vendors
- WordPress