CVE-2024-3112: Quotes and Tips < 1.45 - Admin+ Arbitrary File Upload
First published: Fri Jul 12 2024(Updated: )
The Quotes and Tips by BestWebSoft WordPress plugin before 1.45 does not properly validate image files uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BestWebSoft Quotes and Tips | <1.45 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-3112?
CVE-2024-3112 is considered a high severity vulnerability due to improper validation of image file uploads.
How do I fix CVE-2024-3112?
To fix CVE-2024-3112, update the Quotes and Tips by BestWebSoft WordPress plugin to version 1.45 or later.
Who is affected by CVE-2024-3112?
CVE-2024-3112 affects users of the Quotes and Tips by BestWebSoft WordPress plugin version prior to 1.45, especially in multisite setups.
What type of attack can CVE-2024-3112 facilitate?
CVE-2024-3112 can facilitate unauthorized file uploads on the server by high privilege users such as admins.
Can CVE-2024-3112 be exploited in multisite WordPress installations?
Yes, CVE-2024-3112 can be exploited in multisite WordPress installations due to inadequate file upload controls.
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- agent/severity
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/bestwebsoft
- canonical/bestwebsoft quotes and tips