Overview
- Description
- The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Weaknesses
- security@wordfence.com
- CWE-862
Social media
- Hype score
- Not currently trending
CVE-2024-10586 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the db..https://t.co/nuY4nN7Yty #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
14 Nov 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10586 (Published: 2024-11-09) - A critical vulnerability in WordPress affects the Debug Tool plugin. Ensure you're using the latest version to mitigate risks. For remediation, update your plugin immediately! More info: https://t.co/vSLkF4h80b #WordPressSecurity
@transilienceai
13 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10586 (Published: 2024-11-09) - A critical vulnerability in WordPress affects the Debug Tool plugin. Ensure your site is secure by updating to the latest version. Check the details here: https://t.co/vSLkF4h80b #WordPress #SecurityUpdate
@transilienceai
13 Nov 2024
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10586 (Published: 2024-11-09) - A critical vulnerability in WordPress affects the Debug Tool plugin. Ensure you're using the latest version to mitigate risks. Check the code for potential exploits here: [Image Puller](https://t.co/vSLkF4h80b). Stay secure! 🔒… https:/
@transilienceai
13 Nov 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10586 (Published: 2024-11-09) - A critical vulnerability in WordPress has been identified. Affected versions include the Debug Tool plugin. Remediation is essential! Update your plugin to the latest version to protect your site. More info: https://t.co/vSLkF4h80b… htt
@transilienceai
13 Nov 2024
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-10586 (Published: 2024-11-09) - A critical vulnerability in WordPress has been identified. Affected versions include the Debug Tool plugin. To mitigate risks, ensure you update to the latest version and review the code at: https://t.co/vSLkF4h80b #WordPressSecurity
@transilienceai
13 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-10586: CRITICAL] WordPress Debug Tool vulnerable to remote code execution via arbitrary file creation due to missing capability check & validation up to v2.2. Stay alert for attacks! #cybersecurity#cybersecurity,#vulnerability https://t.co/NfVaKbJf5o https://t.co/WM
@CveFindCom
9 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10586 The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type … https://t.co/YcleAdHoPv
@CVEnew
9 Nov 2024
378 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes