- Description
- The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' function in versions up to, and including, 4.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
🚨 CVE-2024-13011 ⚠️🔴 CRITICAL (9.8) 🏢 Chimpstudio - WP Foodbakery 🏗️ * 🔗 https://t.co/U7rz0Qyl6J 🔗 https://t.co/goPPOZ5LOv #CyberCron #VulnAlert https://t.co/PCRt7vX23X
@cybercronai
12 Feb 2025
146 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2024-13011 WordPress WP Foodbakery Plugin Unauthenticated Arbitrary File Upload Vulnerability https://t.co/cPIDHJ3Fkr
@VulmonFeeds
10 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-13011: CRITICAL] WordPress Foodbakery plugin up to v4.7 vulnerable to arbitrary file uploads, enabling unauthenticated attackers to potentially achieve remote code execution. #CyberSecurity#cybersecurity,#vulnerability https://t.co/G0wa8nTysO https://t.co/wAmRJD6brr
@CveFindCom
10 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13011 The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'upload_publisher_profile_image' functi… https://t.co/xsxQy3931v
@CVEnew
10 Feb 2025
274 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes