CVE-2024-4389

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 14, 2024
CWE ID 369

Summary

CVE-2024-4389 is a vulnerability affecting the Slider and Carousel plugin for WordPress by Depicter. The plugin's uploadFile function lacks file type validation in all versions up to 3.1.1. This allows authenticated attackers with contributor access or higher to upload arbitrary files to the affected site's server, which may make remote code execution possible.
