WordPress AI Power Plugin Unauthenticated Arbitrary File Upload (CVE-2024-10392)

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: AI Power: Complete AI Pack <= 1.8.89 - Unauthenticated Arbitrary File Upload 2. CVSS Score: 9.8 (Critical) 3. Public Release Date: October 30, 2024 4. Last Updated Date: October 31, 2024 5. Researcher: vgo0 6. Affected Versions: <= 1.8.89 7. Fixed Version: 1.8.90 8. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 9. Reference Link: plugins.trac.wordpress.org 10. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 11. Vulnerability ID: CVE-2024-10392 12. Vulnerability Score: 9.8 (Critical) 13. Public Release Date: October 30, 2024 14. Last Updated Date: October 31, 2024 15. Researcher: vgo0 16. Affected Versions: <= 1.8.89 17. Fixed Version: 1.8.90 18. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 19. Reference Link: plugins.trac.wordpress.org 20. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 21. Vulnerability ID: CVE-2024-10392 22. Vulnerability Score: 9.8 (Critical) 23. Public Release Date: October 30, 2024 24. Last Updated Date: October 31, 2024 25. Researcher: vgo0 26. Affected Versions: <= 1.8.89 27. Fixed Version: 1.8.90 28. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 29. Reference Link: plugins.trac.wordpress.org 30. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 31. Vulnerability ID: CVE-2024-10392 32. Vulnerability Score: 9.8 (Critical) 33. Public Release Date: October 30, 2024 34. Last Updated Date: October 31, 2024 35. Researcher: vgo0 36. Affected Versions: <= 1.8.89 37. Fixed Version: 1.8.90 38. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 39. Reference Link: plugins.trac.wordpress.org 40. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 41. Vulnerability ID: CVE-2024-10392 42. Vulnerability Score: 9.8 (Critical) 43. Public Release Date: October 30, 2024 44. Last Updated Date: October 31, 2024 45. Researcher: vgo0 46. Affected Versions: <= 1.8.89 47. Fixed Version: 1.8.90 48. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 49. Reference Link: plugins.trac.wordpress.org 50. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 51. Vulnerability ID: CVE-2024-10392 52. Vulnerability Score: 9.8 (Critical) 53. Public Release Date: October 30, 2024 54. Last Updated Date: October 31, 2024 55. Researcher: vgo0 56. Affected Versions: <= 1.8.89 57. Fixed Version: 1.8.90 58. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 59. Reference Link: plugins.trac.wordpress.org 60. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 61. Vulnerability ID: CVE-2024-10392 62. Vulnerability Score: 9.8 (Critical) 63. Public Release Date: October 30, 2024 64. Last Updated Date: October 31, 2024 65. Researcher: vgo0 66. Affected Versions: <= 1.8.89 67. Fixed Version: 1.8.90 68. Description: The AI Power: Complete AI Pack plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in all versions (<= 1.8.89), attackers can upload any file to the affected website server, potentially leading to remote code execution. 69. Reference Link: plugins.trac.wordpress.org 70. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 71. Vulnerability ID: CVE-2024-10392 72. Vulnerability Score: 9.8 (Critical) 73. Public Release Date: October 30, 2024 74. Last Updated Date: October 31, 2024 75. Researcher: vgo0 76. Affected Versions: <= 1.8.89 77. Fixed Version: 1.8.90 78. Description: The AI Power: Complete

Goal Reached Thanks to every supporter — we hit 100%!

WordPress AI Power Plugin Unauthenticated Arbitrary File Upload (CVE-2024-10392)

More from this source