PT-2024-36779 · WordPress · Insert/Embed Articulate Content Into Wordpress
Dmitry Ignatyev
·
Published
2024-07-15
·
Updated
2024-08-01
·
CVE-2024-5630
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Insert or Embed Articulate Content into WordPress plugin versions prior to 4.3000000024
Description
The issue allows authors to upload arbitrary files to the site, potentially enabling them to upload PHP shells on affected sites. This could lead to unauthorized access and malicious activities.
Recommendations
For versions prior to 4.3000000024, update to version 4.3000000024 or later to prevent authors from uploading arbitrary files to the site. As a temporary workaround, consider restricting file upload permissions for authors to minimize the risk of exploitation.
Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Insert/Embed Articulate Content Into Wordpress