CVE-2024-12209 | wphealth WP Umbrella Plugin up to 2.17.0 on WordPress umbrella-restore filename filename control

Inserito da Angelo Barbosa | Dic 8, 2024 | CVE

A vulnerability classified as critical was found in wphealth WP Umbrella Plugin up to 2.17.0 on WordPress. Affected by this vulnerability is the function umbrella-restore. The manipulation of the argument filename leads to improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2024-12209. The attack can be launched remotely. There is no exploit available.

CVE-2024-12209 | wphealth WP Umbrella Plugin up to 2.17.0 on WordPress umbrella-restore filename filename control

Post correlati

CVE-2024-1909 | Categorify Plugin up to 1.0.7.4 on WordPress categorifyAjaxRenameCategory cross-site request forgery

CVE-2024-25260 | elfutils 0.189 readelf.c handle_verdef null pointer dereference

CVE-2024-9204 | Smart Custom 404 Error Page Plugin up to 11.4.7 on WordPress cross site scripting

CVE-2024-44129 | Apple macOS up to 13.6 User Information information disclosure