CVE-2024-6366

Summary

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

Affected Software

VendorProductVersion RangeStatus
UnknownUser Profile Builder0 < 3.11.8affected

Weaknesses

  • CWE-862 Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

References