漏洞描述
WordPress Ajar in5 Embed 插件存在文件上传漏洞,攻击者可以通过上传特制的文件(如PHP脚本)在服务器上执行任意代码,进而可能导致敏感信息泄露、数据篡改或服务器被完全控制。该漏洞影响插件的文件上传功能,攻击者无需认证即可利用此漏洞。
WordPress Ajar in5 Embed 插件 /wp-admin/admin-ajax.php in5 文件上传漏洞(CVE-2024-50473)
PoC代码
暂无相关漏洞推荐
- WordPress Kognetiks Chatbot for WordPress <= 2.0.0 任意文件上传漏洞
- WordPress Verbalize WP 存在任意文件上传漏洞(CVE-2024-49668)
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- WordPress WooCommerce Designer Pro 插件 /wp-admin/admin-ajax.php wcdp_save_canvas_design_ajax 文件上传漏洞(CVE-2025-6440)
- POC CVE-2025-4302: Stop User Enumeration WordPress plugin - Authentication Bypass
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- WordPress Events Manager /wp-admin/admin-ajax.php SQL 注入漏洞(CVE-2025-6970)
- wordpress /wp-json/wp/v2/users 信息泄露漏洞
- WordPress plugin WP JobHunt 跨站脚本漏洞
- WordPress Featured Image from URL plugin信息泄露漏洞(CVE-2025-9985)
- Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞(CVE-2025-2011)
- Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞(CVE-2025-3419)