CVE-2024-11270

High CVSS: 8.8

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution.

Vendor

Webinarpress

Product

Webinarpress

CWE

CWE-862

Yayın Tarihi

2025-01-08 05:15:07

Güncelleme

2025-01-17 20:56:14

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Webinarpress HIGH Webinarpress 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3216237/wp-webinarsystem/trunk/includes/class-webinarsysteem-ajax.php https://www.wordfence.com/threat-intel/vulnerabilities/id/f1c2cb3f-2f9e-40c5-9e5f-5b85a53e5868?source=cve

Benzer Kayıtlar

Medium

CVE-2025-62972

Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Confi…

Critical

CVE-2025-47635

Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Server Side Req…

Unknown

CVE-2025-32693

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allow…

Medium

CVE-2025-31883

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWebinarSystem We…

Unknown

CVE-2025-31882

Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Confi…

High

CVE-2024-11271

The WordPress Webinar Plugin – WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing…