CVE-2024-4389
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Published Aug 14, 2024
CWE ID 369
Summary
CVE-2024-4389 is a vulnerability in the Slider and Carousel plugin for WordPress by Depicter. The uploadFile function performs no file type validation, and the flaw is present in all versions up to 3.1.1. It allows authenticated attackers with contributor access or higher to upload arbitrary files to the affected site's server, which may make remote code execution possible.