Critical severity9.1NVD Advisory· Published Jul 29, 2024· Updated Jun 17, 2026
CVE-2024-6366
CVE-2024-6366
Description
The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <3.11.8
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.