WordPress: Plugin Upload Vulnerability Alert - Proactive Insights and Support For Open-Source Applications

In WordPress a high severity vulnerability CVE-2024-31210 was detected. Administrative users in WordPress may unintentionally upload harmful files when adding new plugins, potentially leading to unauthorized execution of code. However, this mainly affects high-level administrators and multi-site setups, with lower-level users and sites with specific security configurations being unaffected. This vulnerability is resolved in WordPress version 6.4.3 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31210/.