Critical severity9.8NVD Advisory· Published Jan 8, 2025· Updated Apr 8, 2026
CVE-2024-11635
CVE-2024-11635
Description
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- cpe:2.3:a:iptanus:wordpress_file_upload:*:*:*:*:*:wordpress:*:*Range: <4.24.15
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.