216.73.216.86

CVE-2024-4873

· Published 19/06/2024 04:15 · Modified 19/06/2024 04:15

Labels: CVE-2024-4873 2024-06-19CVE-2024-4873[email protected]

Essential information

Published
19/06/2024 04:15
Modified
19/06/2024 04:15
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level access and above, to replace images uploaded by higher level users such as admins.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References