Unknown Files Upload Vulnerability Affects WordPress Sites using Insert or Embed Articulate Content into WordPress Plugin
CVE-2024-5630

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Insert Or Embed Articulate Content
Vendor: CVE Published:; 15 July 2024

What is CVE-2024-5630?

The Articulate Content Plugin for WordPress prior to version 4.3000000024 is susceptible to an arbitrary file upload vulnerability. This security flaw permits authors to upload potentially harmful files, including PHP shells, directly onto affected WordPress sites. Such unauthorized file uploads can compromise the integrity and security of the site, leading to unauthorized access and execution of malicious scripts. Website administrators are urged to update to the latest version of the plugin to mitigate this risk and protect their platforms from potential exploitation.

References

https://wpscan.com/vulnerability/538c875f-4c20-4be0-8098-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 15, 2024

Wordpress

What is CVE-2024-5630?

References

CVSS V3.1

Timeline