CVE-2024-6366

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/

Configurations

No configuration.

History

29 Jul 2024, 14:12

Type	Values Removed	Values Added
Summary		(es) El complemento de WordPress User Profile Builder anterior a 3.11.8 no tiene la autorización adecuada, lo que permite a usuarios no autenticados cargar archivos multimedia a través de la funcionalidad de carga asíncrona de WP.

29 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-29 06:15

Updated : 2024-07-29 14:12

NVD link : CVE-2024-6366

Mitre link : CVE-2024-6366

CVE.ORG link : CVE-2024-6366

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-6366

Attach tags to `CVE-2024-6366`