cleantalk
Vulnerabilities and Security Researches

Background Image Cropper, CVE-2024-58348

CVE, Research URL

CVE-2024-58348

Home page URL

Security reports for Background Image Cropper

Application

Background Image Cropper

Published on
Jun 08, 2026
Research Description
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.
Affected versions
max 1.2.
Status
vulnerable
Previous vulnerability researches
Global Body Mass Index Calculator (CVE-2026-8883) , Jun 11, 2026
New vulnerability
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2026-4986) , Jun 11, 2026
Spam protection, Anti-Spam, FireWall by CleanTalk (CVE-2026-8071) , Jun 11, 2026
Recover Exit For WooCommerce (CVE-2026-9662) , Jun 11, 2026
Montonio for WooCommerce (CVE-2026-48873) , Jun 11, 2026
Background Image Cropper (CVE-2024-58348) , Jun 11, 2026