← back
CVE-2024-43160

WordPress BerqWP plugin <= 1.7.6 - Unauthenticated Arbitrary File Upload vulnerability

CVSS 10 CRITICALEPSS 4.6%CWE-434
Vexday Risk Score
63High priority
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 10EPSS 4.6%KEV nãoPoC públicaNuclei simMetasploit Patch
Lifecycle
13 Aug 2024Published on NVD
17 Sep 2024Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Unrestricted Upload of File with Dangerous Type vulnerability in BerqWP allows Code Injection.This issue affects BerqWP: from n/a through 1.7.6.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
BerqWP · BerqWP
public PoCs found1
githubgithub.com/KTN1990/CVE-2024-431602
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve