CVE-2024-10590

HIGH

Opt-In Downloads plugin for WordPress <4.07 - Command Injection

Title source: llm

Description

The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present.

References (2)

Core 2

Core References

Various Sources

https://codecanyon.net/item/subscribe-download/2687305

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/5c3c20b8-12cf-4ce6-a1d4-99204df33fcd?source=cve

Scores

CVSS v3 8.8

EPSS 0.1227

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

halfdata/Opt-In Downloads < 4.07

Published Dec 12, 2024

Tracked Since Feb 18, 2026