Vulnerabilities

CVE-2024-11635

by Fred · 08/01/2025

The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the ‘wfu_ABSPATH’ cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.

More information : https://plugins.svn.wordpress.org/wp-file-upload/trunk/wfu_file_downloader.php

Similar

Tags: Cybersecurity Alert