CVEs-PoC/2024/CVE-2024-6366.md at 4e4e30233e70832d643d5c6ab6fbfa6f130b4bb1

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-29 20:39:28 +02:00

Files

T

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.0 KiB

Raw Blame History

CVE-2024-6366

Description

The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.

POC

Reference

https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/

Github

https://github.com/20142995/nuclei-templates
https://github.com/Abdurahmon3236/CVE-2024-6366
https://github.com/Nxploited/CVE-2024-6366-PoC
https://github.com/drcrypterdotru/BurnWP-Framework
https://github.com/fkie-cad/nvd-json-data-feeds
https://github.com/nomi-sec/PoC-in-GitHub
https://github.com/purwocode/burning-wp

1.0 KiB Raw Blame History

CVE-2024-6366

Description

POC

Reference

Github

1.0 KiB

Raw Blame History