Loading market data...
← Back to CVE feed

CVE-2024-58348

CRITICAL CVSS 9.8 View on NVD ↗

Description

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Published: Jun 08, 2026 02:16 UTC Modified: Jun 08, 2026 14:59 UTC