PT-2025-1673 · WordPress · Wordpress File Upload

Abrahack · Published 2025-01-07 · Updated 2026-04-08 · CVE-2024-11635

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WordPress File Upload plugin versions up to and including 4.24.12

Description

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the `wfu_ABSPATH` cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.

Recommendations

For WordPress File Upload plugin versions up to and including 4.24.12, update to a version higher than 4.24.12 to resolve the issue. As a temporary workaround, consider restricting access to the `wfu_ABSPATH` cookie parameter until a patch is available.

Fix

RCE

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2024-11635

Affected Products

Wordpress File Upload