High severity8.8NVD Advisory· Published Jan 9, 2025· Updated Apr 15, 2026
CVE-2024-12848
CVE-2024-12848
Description
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=4.6
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.