CRITICAL✓ PATCH🇬🇧 English

CVE-2020-24186

CVSS 10.0v3.1pub. 2020-08-24upd. 2024-11-21

A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Gvectors Wpdiscuz

    APP
    Gvectors
    7.0 – 7.0.4
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2026-22193CRITICAL9.2PL ✓ten sam produkt

SQL Injection w wtyczce WordPress wpDiscuz (getAllSubscriptions)

CVE-2024-9488CRITICAL9.8PL ✓ten sam produkt

Authentication bypass w pluginie wpDiscuz dla WordPress (do wersji 7.6.24)

CVE-2020-13640CRITICAL9.8ten sam produkt

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers ...

CVE-2026-22192HIGH8.8ten sam produkt

Voltronic Power SNMP Web Pro version 1.1 contains an authentication bypass vulnerability that allows unauthent...

CVE-2026-22182HIGH8.7ten sam produkt

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users...