CVE-2024-5677 – The Featured Image Generator plugin for WordPress

CVE ID : CVE-2024-5677

Published : July 10, 2024, 2:15 a.m. | 1 hour, 5 minutes ago

Description : The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…CVE ID : CVE-2024-5677

Published : July 10, 2024, 2:15 a.m. | 1 hour, 5 minutes ago

Description : The Featured Image Generator plugin for WordPress is vulnerable to unauthorized image upload due to a missing capability check on the fig_save_after_generate_image function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary images to a post-related gallery.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…