CVE-2024-10586
Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation
Public Exploits: 1
Exploited in Wild: -
Descriptions
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to create arbitrary files such as .php files that can be leveraged for remote code execution. CVE-2024-52416 may be a duplicate of this issue.
SSVC
- Decision: Attend
Timeline
- 2024-10-31 CVE Reserved
- 2024-11-08 CVE Published
- 2024-11-09 EPSS Updated
- 2024-11-10 First Exploit
- 2024-11-21 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-862: Missing Authorization
References (3)
URL | Date | SRC |
---|---|---|
https://github.com/RandomRobbieBF/CVE-2024-10586 | 2024-11-10 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Eugenbobrowski | Debug Tool | <= 2.2 | en | Affected |