WordPress Plugin Vulnerabilities

Business Card <= 1.0.0 - Admin+ File Upload

Description

The plugin does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.

Proof of Concept

Affects Plugins

Plugin icon
business-card-by-esterox-100
No known fix

References

CVE
CVE-2024-5807

Miscellaneous

Original Researcher
Anjo Rev Tingson
Submitter
Anjo Rev Tingson
Verified
Yes
WPVDB ID
badb16b5-8c06-4170-b605-ea7af8982c1f

Timeline

Publicly Published
2024-07-09 (about 1 year ago)
Added
2024-07-09 (about 1 year ago)
Last Updated
2024-07-09 (about 1 year ago)

Other

Published
Title
Published
2025-05-30
Title
SUMO Affiliates Pro <= 10.7.0 - Unauthenticated Arbitrary File Upload
Published
2025-01-07
Title
Modula Image Gallery < 2.11.11 - Author+ Arbitrary File Upload
Published
2024-06-14
Title
FooEvents for WooCommerce < 1.19.21 - Improper Authorization to (Contributor+) Arbitrary File Upload
Published
2025-09-09
Title
Responsive Filterable Portfolio < 1.0.25 - Authenticated (Admin+) Arbitrary File Upload
Published
2025-12-03
Title
GravityForms < 2.9.23.1 - Unauthenticated Arbitrary File Upload