Arbitrary File Upload Vulnerability in Garden Gnome Package Plugin for WordPress
CVE-2024-12854
8.8HIGH
What is CVE-2024-12854?
The Garden Gnome Package plugin for WordPress suffers from a critical vulnerability due to inadequate file type validation when processing 'ggpkg' files. This issue, present in all versions up to 2.3.0, allows authenticated users with Author-level privileges and above to upload malicious files. Such uploads can potentially lead to remote code execution on the server hosting the affected WordPress site.
Affected Version(s)
Garden Gnome Package * <= 2.3.0