cbcvebase.
CVE-2024-2024
published 2024-06-14

CVE-2024-2024: The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function…

PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
3.30%
87.0th percentile
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
cobbler_projectcobbler>= 3.0.0 < 3.2.33.2.3
cobbler_projectcobbler>= 3.3.0 < 3.3.73.3.7
fortinetfortios
fortinetfortiproxy
github.comdapr_dapr>= 1.13.0 < 1.13.31.13.3
jenkinsappspider_plugin
jenkinsbitbucket_branch_source_plugin
jenkinsbuild_monitor_view_plugin
jenkinsdelphix_plugin
jenkinsgitbucket_plugin
jenkinshtml_publisher_plugin
jenkinsimproper_input_sanitization_in_html_publisher_plugin
jenkinsmq_notifier_plugin
jenkinsowasp_dependency-check_plugin
jenkinssubversion_partial_release_manager_plugin
jenkinstls_certificate_validation_in_delphix_plugin
linuxlinux_kernel>= 0 < 4.15.0-246.2584.15.0-246.258
litestarlitestar0 – 2.10.0
msrccbl2_kernel_5.15.164.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.167.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0
msrccbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv5.5MEDIUM
vendor_msrc8.8HIGH
vendor_redhat8.1HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.