CVE-2024-13707

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jan 30, 2025

Updated: Jan 31, 2025

CWE ID 352

Summary

CVE-2024-13707 is a vulnerability affecting the WP Image Uploader plugin for WordPress. This issue, present in all versions up to 1.0.1, allows unauthenticated attackers to manipulate the gky_image_uploader_main_function() through Cross-Site Request Forgery (CSRF). The consequence is the deletion of arbitrary files, which can be executed if a site administrator falls victim to a malicious link or similar deception. This vulnerability arises due to insufficient or absent nonce validation within the function.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2wO3oO
https://www.cve.org/CVERecord?id=CVE-2024-13707
https://nvd.nist.gov/vuln/detail/CVE-2024-13707

Back to Vulnerability Database

CVE-2024-13707

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations