CVE-2024-10547: WP Membership Unauthenticated Arbitrary File Upload

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: WP Membership <= 1.6.2 - Unauthenticated Arbitrary File Upload 2. Score: 9.8 (Critical) 3. CVE ID: CVE-2024-10547 4. CVSS Score: 9.8 5. Public Release Date: November 8, 2024 6. Update Date: November 9, 2024 7. Researcher: Tonn 8. Affected Versions: <= 1.6.2 9. Fixed Version: 1.6.3 10. Description: The WP Membership plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in the function across all versions (including 1.6.2), unauthorized attackers can upload arbitrary files to the affected website's server, potentially allowing remote code execution. 11. Reference Link: codecanyon.net 12. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 13. Public Vulnerability Database: Wordfence Intelligence Vulnerability Database 14. Vulnerability Database: Vulnerability Database 15. Severity Level: Critical 16. Vulnerability Score: 9.8 17. Public Release Date: November 8, 2024 18. Update Date: November 9, 2024 19. Researcher: Tonn 20. Affected Versions: <= 1.6.2 21. Fixed Version: 1.6.3 22. Description: The WP Membership plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in the function across all versions (including 1.6.2), unauthorized attackers can upload arbitrary files to the affected website's server, potentially allowing remote code execution. 23. Reference Link: codecanyon.net 24. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 25. Public Vulnerability Database: Wordfence Intelligence Vulnerability Database 26. Vulnerability Database: Vulnerability Database 27. Severity Level: Critical 28. Vulnerability Score: 9.8 29. Public Release Date: November 8, 2024 30. Update Date: November 9, 2024 31. Researcher: Tonn 32. Affected Versions: <= 1.6.2 33. Fixed Version: 1.6.3 34. Description: The WP Membership plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in the function across all versions (including 1.6.2), unauthorized attackers can upload arbitrary files to the affected website's server, potentially allowing remote code execution. 35. Reference Link: codecanyon.net 36. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 37. Public Vulnerability Database: Wordfence Intelligence Vulnerability Database 38. Vulnerability Database: Vulnerability Database 39. Severity Level: Critical 40. Vulnerability Score: 9.8 41. Public Release Date: November 8, 2024 42. Update Date: November 9, 2024 43. Researcher: Tonn 44. Affected Versions: <= 1.6.2 45. Fixed Version: 1.6.3 46. Description: The WP Membership plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in the function across all versions (including 1.6.2), unauthorized attackers can upload arbitrary files to the affected website's server, potentially allowing remote code execution. 47. Reference Link: codecanyon.net 48. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 49. Public Vulnerability Database: Wordfence Intelligence Vulnerability Database 50. Vulnerability Database: Vulnerability Database 51. Severity Level: Critical 52. Vulnerability Score: 9.8 53. Public Release Date: November 8, 2024 54. Update Date: November 9, 2024 55. Researcher: Tonn 56. Affected Versions: <= 1.6.2 57. Fixed Version: 1.6.3 58. Description: The WP Membership plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in the function across all versions (including 1.6.2), unauthorized attackers can upload arbitrary files to the affected website's server, potentially allowing remote code execution. 59. Reference Link: codecanyon.net 60. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 61. Public Vulnerability Database: Wordfence Intelligence Vulnerability Database 62. Vulnerability Database: Vulnerability Database 63. Severity Level: Critical 64. Vulnerability Score: 9.8 65. Public Release Date: November 8, 2024 66. Update Date: November 9, 2024 67. Researcher: Tonn 68. Affected Versions: <= 1.6.2 69. Fixed Version: 1.6.3 70. Description: The WP Membership plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation in the function across all versions (including 1.6.2), unauthorized attackers can upload arbitrary files to the affected website's server, potentially allowing remote code execution. 71. Reference Link: codecanyon.net 72. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 73. Public Vulnerability Database: Wordfence Intelligence Vulnerability Database 74. Vulnerability Database: Vulnerability Database 75. Severity Level: Critical 76. Vulnerability Score: 9.8 77. Public Release Date: November 8, 2024 78. Update Date: November 9, 2

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-10547: WP Membership Unauthenticated Arbitrary File Upload

More from this source