PT-2024-23788 · Bestwebsoft · The Quotes/Tips By Bestwebsoft Wordpress Plugin

Peng Zhou +1 · Published 2024-07-12 · Updated 2024-08-01 · CVE-2024-3112

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

The Quotes and Tips by BestWebSoft WordPress plugin versions prior to 1.45

Description

The issue concerns the improper validation of image files uploaded by high-privilege users, such as admins, allowing them to upload arbitrary files to the server, even in cases where they should not be allowed to, such as in multisite setups.

Recommendations

For versions prior to 1.45, update to version 1.45 or later to resolve the issue. As a temporary workaround, consider restricting the upload capabilities of high-privilege users to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2024-3112

Affected Products: The Quotes/Tips By Bestwebsoft Wordpress Plugin