Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-24714

7.2HIGH

Key Information:

Vendor: WordPress
Status: Icons Font Loader
Vendor: CVE Published:; 26 February 2024

Summary

The vulnerability in Icons Font Loader, developed by bPlugins LLC, allows for the unrestricted upload of files with potentially dangerous types. This issue poses significant security risks as it can enable malicious entities to upload harmful files to the server, thereby compromising the integrity and security of the application. The affected versions range from unspecified to 1.1.4, necessitating immediate attention from users of the product to safeguard against exploitation.

Affected Version(s)

Icons Font Loader <= 1.1.4

References

https://patchstack.com/database/vulnerability/icons-font-...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2024
Vulnerability Reserved
Jan 26, 2024

Credit

Vulzap (Patchstack Alliance)