CVE-2024-56264

MEDIUM6.6Remote code exec

Description

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector acf-city-selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through <= 1.14.0.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

Beee / ACF City Selector0 – 1.14.0

References

MISChttps://patchstack.com/database/Wordpress/Plugin/acf-city-selector/vulnerability/wordpress-acf-city-selector-plugin-1-14-0-arbitrary-file-upload-vulnerability?_s_id=cve