How severe is CVE-2024-13707?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-13707?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-13707 - HIGH Severity | CVSS 8.1

Vulnerability Description

The WP Image Uploader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the gky_image_uploader_main_function() function. This makes it possible for unauthenticated attackers to delete arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Related Vulnerabilities

CVE-2015-9455

HIGH

CVSS:8.1(High)

The buddypress-activity-plus plugin before 1.6.2 for WordPress has CSRF with resultant directory traversal via the wp-admin/admin-ajax.php bpfb_photos[] parameter in a bpfb_remove_temp_images action.

CWE-3522015

CVE-2017-1000504

HIGH

CVSS:8.1(High)

A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after ...

CWE-3522017

CVE-2017-8099

HIGH

CVSS:8.1(High)

There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.

CWE-3522017

CVE-2017-9963

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists on the Secure Gateway component of Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 ...

CWE-3522017

CVE-2018-1000414

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Config File Provider Plugin 3.1 and earlier in ConfigFilesManagement.java, FolderConfigFileAction.java that allows creating and editing con...

CWE-3522018

CVE-2018-1000417

HIGH

CVSS:8.1(High)

A cross-site request forgery vulnerability exists in Jenkins Email Extension Template Plugin 1.0 and earlier in ExtEmailTemplateManagement.java that allows creating or removing templates.

CWE-3522018