CVE-2024-13714 | allimages All-Images.ai Plugin up to 1.0.4 on WordPress _get_image_by_url unrestricted upload

Inserito da Angelo Barbosa | Feb 12, 2025 | CVE

A vulnerability, which was classified as critical, was found in allimages All-Images.ai Plugin up to 1.0.4 on WordPress. Affected is the function _get_image_by_url. The manipulation leads to unrestricted upload.

This vulnerability is traded as CVE-2024-13714. It is possible to launch the attack remotely. There is no exploit available.

CVE-2024-13714 | allimages All-Images.ai Plugin up to 1.0.4 on WordPress _get_image_by_url unrestricted upload

Post correlati

CVE-2024-3851 | imartinez privategpt cross site scripting

CVE-2023-51404 | MyAgilePrivacy My Agile Privacy Plugin up to 2.1.7 on WordPress cross site scripting

CVE-2024-11811 | Feedify Plugin up to 2.4.2 on WordPress cross site scripting

CVE-2024-42252 | Linux Kernel up to 6.9.10 closures lib/closure.c denial of service (5d85f2ab79d5/339b84ab6b1d)