cleantalk
Vulnerabilities and Security Researches

IMGspider – 图片采集抓取插件, CVE-2024-6319

CVE, Research URL

CVE-2024-6319

Home page URL

Security reports for IMGspider – 图片采集抓取插件

Application

IMGspider – 图片采集抓取插件

Published on
Jul 04, 2024
Research Description
The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
max 2.3.11.
Status
vulnerable
Previous vulnerability researches
IMGspider – 图片采集抓取插件 (CVE-2024-6319) , Jul 06, 2024
IMGspider – 图片采集抓取插件 (CVE-2024-6318) , Jul 06, 2024
IMGspider – 图片采集抓取插件 (CVE-2026-22482) , Jan 28, 2026
New vulnerability
APPExperts – Mobile App Builder for WordPress | WooCommerce to iOS and Android Apps (CVE-2025-68881) , Jan 28, 2026
Simple Calendar – Google Calendar Plugin (CVE-2025-68979) , Jan 28, 2026
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2025-14901) , Jan 28, 2026
IMGspider – 图片采集抓取插件 (CVE-2026-22482) , Jan 28, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2025-15380) , Jan 28, 2026