CVE-2024-37420 – WordPress Zita Elementor Site Library plugin <= 1.6.1 - Arbitrary Code Execution vulnerability

https://notcve.org/view.php?id=CVE-2024-37420

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1. La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en WPZita Zita Elementor Site Library permite cargar un Web Shell a un servidor web. Este problema afecta a Zita Elementor Site Library: desde n/a hasta 1.6.1. The Zita Elementor Site Library plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the import functions found in inc/admin-ajax.php in all versions up to, and including, 1.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload malicious files that can be used for remote code execution. • https://patchstack.com/database/vulnerability/zita-site-library/wordpress-zita-elementor-site-library-plugin-1-6-1-arbitrary-code-execution-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-862: Missing Authorization •