CVE-2024-5807

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/

Configurations

No configuration.

History

30 Jul 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) El complemento Business Card WordPress hasta la versión 1.0.0 no impide que los usuarios con privilegios elevados, como los administradores, carguen archivos PHP maliciosos, lo que podría permitirles ejecutar código arbitrario en los servidores que alojan su sitio, incluso en configuraciones Multisitio.

30 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-30 06:15

Updated : 2024-07-30 13:32

NVD link : CVE-2024-5807

Mitre link : CVE-2024-5807

CVE.ORG link : CVE-2024-5807

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-5807

Attach tags to `CVE-2024-5807`