cleantalk
Vulnerabilities and Security Researches

Background Image Cropper, CVE-2024-58348

CVE, Research URL

CVE-2024-58348

Home page URL

Security reports for Background Image Cropper

Application

Background Image Cropper

Published on
Jun 08, 2026
Research Description
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.
Affected versions
max 1.2.
Status
vulnerable
Previous vulnerability researches
WP GDPR Cookie Consent (CVE-2026-8977) , Jun 10, 2026
WP GDPR Cookie Consent (CVE-2025-53316) , Jul 02, 2025
New vulnerability
Recover Exit For WooCommerce (CVE-2026-9662) , Jun 11, 2026
Montonio for WooCommerce (CVE-2026-48873) , Jun 11, 2026
Background Image Cropper (CVE-2024-58348) , Jun 11, 2026
ELEX WordPress HelpDesk & Customer Ticketing System (CVE-2026-48964) , Jun 11, 2026
Helpfulcrowd Product Reviews (CVE-2026-8499) , Jun 11, 2026