CVE-2024-8252

NVD Published Date: August 30, 2024 at 10:15 AM
NVD Last Modified: September 03, 2024 at 02:31 PM
Vulnerability ID: CVE-2024-8252
Severity: HIGH
Severity Score: 8.8
Summary: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-829
