CVE-2024-39639

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

3.5LOW

EPSS

0.1%

top 66.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Iptanus Wordpress File Upload Nickolas Bossinas Wordpress File Upload

Timeline

PublishedNov 1

Description

Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress File Upload: from n/a through 4.24.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5nickolas_bossinas/wordpress_file_uploadn/a — 4.24.7

▶NVDiptanus/wordpress_file_upload< 4.24.8

🔴Vulnerability Details

CVEList

WordPress File Upload plugin <= 4.24.7 - Broken Access Control + CSRF vulnerability↗2024-11-01

▶

GHSA

GHSA-c6g5-vgf8-p856: Broken Access Control vulnerability in Nickolas Bossinas WordPress File Upload allows Exploiting Incorrectly Configured Access Control Security Levels↗2024-11-01

▶