CVE-2024-12881

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Dec 24, 2024
CWE ID 862

Summary

CVE-2024-12881 is a vulnerability affecting the PlugVersions plugin for WordPress. It allows authenticated attackers with Subscriber-level access and above to perform arbitrary file uploads. The vulnerability stems from a missing capability check on the eos_plugin_reviews_restore_version() function and affects all versions up to and including 0.0.7. By exploiting this flaw, attackers can create and leverage arbitrary files on the target system.
