CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35746 – WordPress BuddyPress Cover plugin <= 2.1.4.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-35746
06 Jun 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Asghar Hatampoor BuddyPress Cover permite la inyección de código. Este problema afecta a BuddyPress Cover: desde n/a hasta 2.1.4.2. The BuddyPress Cover plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation... • https://patchstack.com/database/vulnerability/bp-cover/wordpress-buddypress-cover-plugin-2-1-4-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •