WordPress File Upload, CVE-2024-11635

CVE, Research URL: CVE-2024-11635
Home page URL: Security reports for WordPress File Upload
Application: WordPress File Upload
Published on: Jan 08, 2025
Research Description: The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
Affected versions: Min -, max 4.24.14.
Status: vulnerable