CVE-2024-6366
July 29, 2024, 2:12 p.m.
Tags
Product(s) Impacted
User Profile Builder WordPress plugin
- before 3.11.8
Description
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
Weaknesses
Date
Published: July 29, 2024, 6:15 a.m.
Last Modified: July 29, 2024, 2:12 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
contact@wpscan.com
References
contact@wpscan.com