Overview
- Description: The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStartOptimization() function. This is due to the plugin passing user-supplied input to eval(). This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- security@wordfence.com: CWE-95
Social media
- Hype score: Not currently trending
[CVE-2024-8512: CRITICAL] WordPress plugin W3SPEEDSTER is at risk due to a Remote Code Execution vulnerability in all versions up to 7.26. Attackers with admin access can exploit it via the 'script' parameter. #cybersecurity, #vulnerability https://t.co/laqIkWxqmb https://t.co/kAtc
@CveFindCom
30 Oct 2024
CVE-2024-8512 The W3SPEEDSTER plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 7.26 via the 'script' parameter of the hookBeforeStart… https://t.co/DSLV14WvC0
@CVEnew
30 Oct 2024