CVE-2024-58348
CriticalCVSS 9.8Summary
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.
Risk Assessment
This vulnerability poses a serious risk to organizations as it allows attackers to execute remote code, potentially leading to server takeover and data breaches.
Recommendation
It is recommended to immediately update the plugin to the latest version that addresses this vulnerability and to conduct a security audit of the server to identify potential threats.
Original NVD description (English source)
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

