CVE-2024-0757

MEDIUM

WordPress Plugin <4.3000000023 - Code Injection

Title source: llm

Description

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 is not properly filtering which file extensions are allowed to be imported on the server, allowing the uploading of malicious code within zip files

Exploits (1)

nomisec WORKING POC 8 stars

by hunThubSpace · poc

https://github.com/hunThubSpace/CVE-2024-0757-Exploit

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/

Scores

CVSS v3 5.4

EPSS 0.5907

EPSS Percentile 98.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

elearningfreak/insert_or_embed_articulate_content < 4.3000000023

Published Jun 04, 2024

Tracked Since Feb 18, 2026