CVE-2024-5807

Severity: 7.2 HIGH
EPSS: 0.7% (top 28.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 30

Description

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: unknown/business_card 1.0.0

Vulnerability Details (2)

CVEList: Business Card <= 1.0.0 - Admin+ File Upload (2024-07-30)
GHSA: GHSA-42w6-9898-chc9: The Business Card WordPress plugin through 1 (2024-07-30)
CVE-2024-5807 (HIGH CVSS 7.2) | The Business Card WordPress plugin | cvebase.io