CVE-2024-52429 – WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

https://notcve.org/view.php?id=CVE-2024-52429

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0. La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Anton Hoelstad WP Quick Setup permite cargar un shell web a un servidor web. Este problema afecta a WP Quick Setup: desde n/a hasta 2.0. The WP Quick Setup plugin for WordPress is vulnerable to unauthorized plugin and theme installation due to a missing capability check on a function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins and themes which can be leveraged to achieve remote code execution. • https://patchstack.com/database/vulnerability/wp-quick-setup/wordpress-wp-quick-setup-plugin-2-0-arbitrary-plugin-and-theme-installation-to-remote-code-execution-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •