- Description: The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source: security@wordfence.com
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
CVE-2024-13720 Unauthenticated Arbitrary File Deletion in WP Image Uploader Plugin <= 1.0.1 https://t.co/KKlVCnl4EC
@VulmonFeeds
30 Jan 2025
[CVE-2024-13720: HIGH] WordPress Image Uploader plugin has a severe vulnerability allowing unauthenticated attackers to delete files on the server, leading to possible remote code execution. Update to version 1.0...#cybersecurity,#vulnerability https://t.co/eNfQNawoYW https://t.c
@CveFindCom
30 Jan 2025
CVE-2024-13720 The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function()… https://t.co/JYNGKylBJD
@CVEnew
30 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ivanm:wp_image_uploader:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67476A33-0B3D-45A2-897A-09212AA11AE5",
            "versionEndIncluding": "1.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]