CVE-2024-9942: WPGYM WordPress Plugin Unauthenticated Arbitrary File Upload

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload 2. Description: The WPGYM - WordPress Gym Management System plugin contains an unauthenticated arbitrary file upload vulnerability. Due to the lack of file type validation, attackers can upload any file to the affected website server, potentially allowing remote code execution. 3. CVSS Score: 9.8 (Critical) 4. Public Release Date: November 22, 2024 5. Last Updated Date: November 23, 2024 6. Researcher: Tonn 7. Vulnerability ID: CVE-2024-9942 8. Affected Versions: <= 67.1.0 9. Fixed Version: 67.2.0 10. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 11. Reference Link: codecanyon.net 12. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 13. Severity: Critical 14. Disclosure Status: Public 15. Disclosure Date: November 22, 2024 16. Update Date: November 23, 2024 17. Researcher: Tonn 18. Vulnerability ID: CVE-2024-9942 19. Affected Versions: <= 67.1.0 20. Fixed Version: 67.2.0 21. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 22. Reference Link: codecanyon.net 23. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 24. Severity: Critical 25. Disclosure Status: Public 26. Disclosure Date: November 22, 2024 27. Update Date: November 23, 2024 28. Researcher: Tonn 29. Vulnerability ID: CVE-2024-9942 30. Affected Versions: <= 67.1.0 31. Fixed Version: 67.2.0 32. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 33. Reference Link: codecanyon.net 34. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 35. Severity: Critical 36. Disclosure Status: Public 37. Disclosure Date: November 22, 2024 38. Update Date: November 23, 2024 39. Researcher: Tonn 40. Vulnerability ID: CVE-2024-9942 41. Affected Versions: <= 67.1.0 42. Fixed Version: 67.2.0 43. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 44. Reference Link: codecanyon.net 45. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 46. Severity: Critical 47. Disclosure Status: Public 48. Disclosure Date: November 22, 2024 49. Update Date: November 23, 2024 50. Researcher: Tonn 51. Vulnerability ID: CVE-2024-9942 52. Affected Versions: <= 67.1.0 53. Fixed Version: 67.2.0 54. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 55. Reference Link: codecanyon.net 56. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 57. Severity: Critical 58. Disclosure Status: Public 59. Disclosure Date: November 22, 2024 60. Update Date: November 23, 2024 61. Researcher: Tonn 62. Vulnerability ID: CVE-2024-9942 63. Affected Versions: <= 67.1.0 64. Fixed Version: 67.2.0 65. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 66. Reference Link: codecanyon.net 67. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 68. Severity: Critical 69. Disclosure Status: Public 70. Disclosure Date: November 22, 2024 71. Update Date: November 23, 2024 72. Researcher: Tonn 73. Vulnerability ID: CVE-2024-9942 74. Affected Versions: <= 67.1.0 75. Fixed Version: 67.2.0 76. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 77. Reference Link: codecanyon.net 78. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 79. Severity: Critical 80. Disclosure Status: Public 81. Disclosure Date: November 22, 2024 82. Update Date: November 23, 2024 83. Researcher: Tonn 84. Vulnerability ID: CVE-2024-9942 85. Affected Versions: <= 67.1.0 86. Fixed Version: 67.2.0 87. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 88. Reference Link: codecanyon.net 89. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 90. Severity: Critical 91. Disclosure Status: Public 92. Disclosure Date: November 22, 2024 93. Update Date: November 23, 2024 94. Researcher: Tonn 95. Vulnerability ID: CVE-2024-9942 96. Affected Versions: <= 67.1.0 97. Fixed Version: 67.2.0 98. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 99. Reference Link: codecanyon.net 100. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 101. Severity: Critical 102. Disclosure Status: Public 103. Disclosure Date: November 22, 2024 104. Update Date: November 23, 2024 105. Researcher: Tonn 106. Vulnerability ID: CVE-2024-9942 107. Affected Versions: <= 67.1.0 108. Fixed Version: 67.2.0 109. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 110. Reference Link: codecanyon.net 111. Vulnerability Type: Unrestricted Upload of File with Dangerous Type 112. Severity: Critical 113. Disclosure Status: Public 114. Disclosure Date: November 22, 2024 115. Update Date: November 23, 2024 116. Researcher: Tonn 117. Vulnerability ID: CVE-2024-9942 118. Affected Versions: <= 67.1.0 119. Fixed Version: 67.2.0 120. Remediation Recommendation: Upgrade to version 67.2.0 or higher. 121. Reference Link: codecanyon.net

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9942: WPGYM WordPress Plugin Unauthenticated Arbitrary File Upload

More from this source