CVE-2024-12471
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jan 7, 2025
CWE ID 94
Summary
CVE-2024-12471: A critical vulnerability affects the WordPress plugin "AI Text & Image Generator" by Post Saint. The flaw lets authenticated attackers with subscriber-level access or above upload arbitrary files through the add_image_to_library AJAX action. It exists in all versions up to 1.3.1 and can lead to remote code execution because the function performs an insufficient capability check and insufficient file type validation. WordPress users are advised to update the plugin to the latest version promptly to mitigate this risk.
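The two controls the summary names, a capability check and file type validation, are shown below in an added example of a WordPress AJAX upload handler. It is not the plugin's code. The `example_` names, the nonce action and the `image` upload field are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code, not taken from the Post Saint plugin.
// Assumed names: example_add_image_to_library, nonce action 'example_add_image',
// and a multipart upload field called 'image'.

add_action( 'wp_ajax_example_add_image_to_library', 'example_add_image_to_library' );
// No wp_ajax_nopriv_ hook: unauthenticated requests never reach the handler.

function example_add_image_to_library() {
    // 1. CSRF protection: reject requests without a valid nonce.
    check_ajax_referer( 'example_add_image', 'nonce' );

    // 2. Capability check: being logged in is not enough. Subscribers do not
    //    hold 'upload_files'; authors, editors and administrators do by default.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    if ( empty( $_FILES['image']['tmp_name'] ) || ! is_uploaded_file( $_FILES['image']['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No file received' ), 400 );
    }

    // 3. File type validation against an explicit image allowlist.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'webp'     => 'image/webp',
    );
    $check = wp_check_filetype_and_ext( $_FILES['image']['tmp_name'], $_FILES['image']['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'message' => 'Unsupported file type' ), 415 );
    }

    // media_handle_upload() lives in admin includes that AJAX requests may not have loaded.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';

    // 4. Let core store the file; 'mimes' enforces the same allowlist again.
    $attachment_id = media_handle_upload( 'image', 0, array(), array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( is_wp_error( $attachment_id ) ) {
        wp_send_json_error( array( 'message' => $attachment_id->get_error_message() ), 400 );
    }

    wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}
```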
Affected Vendors
- WordPress