CVE-2024-12854 – “WordPress Garden Gnome Package Plugin Remote Code Execution File Upload Vulnerability”

1月 8, 2025
11:16 am

CVE ID : CVE-2024-12854

Published : Jan. 8, 2025, 10:15 a.m. | 1 hour, 1 minute ago

Description : The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts ‘ggpkg’ files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-12854 – “WordPress Garden Gnome Package Plugin Remote Code Execution File Upload Vulnerability”

Elvescore.io

Recent Posts

CVE-2025-21102 – Dell VxRail Plaintext Storage of a Password Vulnerability

CVE-2024-11423 – WooCommerce Gift Cards Advanced Coupons Unauthorized Data Modification

CVE-2024-11830 – DearFlip for WordPress Stored Cross-Site Scripting Vulnerability

CVE-2024-12337 – Planzer Shipping via WooCommerce Reflected Cross-Site Scripting

CVE-2024-12712 – BigCommerce Unauthenticated Order Status Modification Vulnerability

CVE-2024-12853 – WordPress Modula Image Gallery Remote File Upload Vulnerability

CVE-2024-12854 – “WordPress Garden Gnome Package Plugin Remote Code Execution File Upload Vulnerability”

CVE-2024-12854 – “WordPress Garden Gnome Package Plugin Remote Code Execution File Upload Vulnerability”