WordPress · Imagemagick Engine · CVE-2024-6486
Name of the Vulnerable Software and Affected Versions:
ImageMagick Engine WordPress plugin versions prior to 1.7.11
Description:
The issue allows authenticated attackers with administrator-level permissions to execute arbitrary OS commands on the server, leading to remote code execution. This is achieved through OS Command Injection via the `cli path` parameter.
Recommendations:
For versions prior to 1.7.11, update to version 1.7.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the `cli path` parameter to minimize the risk of exploitation.
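
The defensive pattern for a setting like `cli path`, shown as an added example that is not the plugin's code or its 1.7.11 fix: validate the submitted value against an allowlist, then run the binary without a shell. It assumes the setting names a directory containing ImageMagick's `convert` binary; the function names, the `ALLOWED_DIRS` list and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: directories where an administrator expects ImageMagick to live.
const ALLOWED_DIRS = ['/usr/bin', '/usr/local/bin', '/opt/local/bin'];

/**
 * Return the canonical path to the `convert` binary inside $dir,
 * or null if the submitted value is not an acceptable directory.
 */
function resolve_convert_binary(string $dir): ?string
{
    // Accept only a plain absolute path: no spaces, quotes or shell metacharacters.
    if (!preg_match('#\A/[A-Za-z0-9_./-]*\z#', $dir)) {
        return null;
    }
    // Canonicalise first so a value with ".." segments cannot slip past the allowlist.
    $real = realpath($dir);
    if ($real === false || !in_array($real, ALLOWED_DIRS, true)) {
        return null;
    }
    $binary = $real . '/convert';
    return (is_file($binary) && is_executable($binary)) ? $binary : null;
}

/** Run the binary with an argument vector; an array command bypasses the shell (PHP >= 7.4). */
function convert_version(string $binary): ?string
{
    $proc = proc_open([$binary, '-version'], [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return proc_close($proc) === 0 ? $out : null;
}

// Constructed sample inputs, not taken from the advisory.
foreach (['/usr/bin', '/usr/bin/../../tmp', '/usr/bin; id', '$(id)'] as $candidate) {
    $binary = resolve_convert_binary($candidate);
    printf("%-22s => %s\n", $candidate, $binary ?? 'rejected');
}
```

Only the first sample can resolve to a binary, and only on a host where `/usr/bin/convert` exists; the other three are rejected by the character check or the allowlist before anything is executed.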