cve/CVE-2024-6366.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 3428c6bdc6 Update CVE sources 2024-08-05 18:41

2024-08-05 18:41:32 +00:00

751 B

Raw Permalink Blame History

CVE-2024-6366

Description

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

POC

Reference

https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/

Github

https://github.com/nomi-sec/PoC-in-GitHub

751 B Raw Permalink Blame History

CVE-2024-6366

Description

POC

Reference

Github

751 B

Raw Permalink Blame History