Unrestricted Upload of File with Dangerous Type vulnerability
CVE-2024-31286

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: WP Photo Album Plus
Vendor: CVE Published:; 7 April 2024

Badges

👾 Exploit Exists

Summary

The vulnerability in WP Photo Album Plus allows an attacker to upload files of dangerous types, which can compromise the security of the web application. This unrestricted file upload could enable the execution of malicious scripts or the introduction of harmful content into the server environment. Users of WP Photo Album Plus versions prior to 8.6.03.005 are particularly at risk, highlighting the necessity for immediate updates to protect against potential exploitation.

Affected Version(s)

WP Photo Album Plus < 8.6.03.005

References

https://patchstack.com/database/vulnerability/wp-photo-al...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Apr 8, 2024
👾
Exploit known to exist
Apr 8, 2024
Vulnerability published
Apr 7, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

stealthcopter (Patchstack Alliance)