CVE-2024-6366
Severity:
CRITICAL
Type:
Unavailable / Other
Publication date:
29/07/2024
Last modified:
01/08/2024
Description
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL