CVE-2024-58348

Sažetak

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

Reference

https://wordpress.org
https://wordpress.org/plugins/background-image-cropper/
https://www.exploit-db.com/exploits/51998
https://www.vulncheck.com/advisories/wordpress-background-image-cropper-remote-code-execution

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

08-06-2026 - 02:16

Objavljeno

08-06-2026 - 02:16