- Description
- The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-94
- Hype score
- Not currently trending
CVE-2024-12471 (CVSS:8.8, HIGH) is Awaiting Analysis. The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is..https://t.co/iJTKnzXNYg #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
12 Jan 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-12471: HIGH] Vulnerability in Post Saint plugins for WordPress allows arbitrary file uploads by authenticated users, enabling remote code execution. Update to version 1.3.2 to patch the security flaw.#cybersecurity,#vulnerability https://t.co/Bxg4oQwx1X https://t.co/w8g
@CveFindCom
7 Jan 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes