CVE-2024-5080

Summary

The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server

Affected Software

VendorProductVersion RangeStatus
Unknownwp-eMember0 < 10.6.6affected

Weaknesses

  • CWE-434 Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References