CVE-2024-58348

CRITICAL WAF: Medium

CVSS 9.8 Published: 2026-06-08

CWE-434

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

WAF Coverage Analysis

Unrestricted File Upload Medium WAF Coverage

OWASP: A04:2021 Insecure Design

930xxx - Local File Inclusion

References

wordpress.org
wordpress.org
www.exploit-db.com
www.vulncheck.com

Back to CVE Database