PT-2025-2256 · WordPress · Wp Image Uploader

Colin Xu · Published 2025-01-30 · Updated 2025-01-30 · CVE-2024-13720

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WP Image Uploader plugin for WordPress version 1.0.1 and earlier

Description: The issue is related to insufficient file path validation in the gky_image_uploader_main_function() function, allowing unauthenticated attackers to delete arbitrary files on the server. This can lead to remote code execution when a critical file, such as wp-config.php, is deleted.

Recommendations: For WP Image Uploader plugin for WordPress version 1.0.1 and earlier, update to a version later than 1.0.1 to resolve the issue. As a temporary workaround, consider disabling the gky_image_uploader_main_function() function until a patch is available.

Fix · RCE · Path traversal · CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-13720

Affected Products: Wp Image Uploader