WordPress Plugin Vulnerabilities

Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload

Description

The Copymatic – AI Content Writer & Generator plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

Plugin icon
copymatic
Fixed in 1.7

References

CVE
CVE-2024-31351
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/3def97d8-4f25-4a67-bdce-7664a5c318bc

Miscellaneous

Original Researcher
Francois Harvey
Verified
No
WPVDB ID
fb46a0f1-1b4b-4742-8eaf-a317aa5e80bb

Timeline

Publicly Published
2024-05-14 (about 2 years ago)
Added
2024-05-20 (about 2 years ago)
Last Updated
2024-05-20 (about 2 years ago)

Other

Published
Title
Published
2024-10-14
Title
Digital Lottery <= 3.0.5 - Unauthenticated Arbitrary File Upload
Published
2012-06-07
Title
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload
Published
2013-11-02
Title
Chameleon - Arbitrary File Upload
Published
2014-08-01
Title
VideoWhisper Video Conference Integration 4.51 - Arbitrary File Upload
Published
2016-06-13
Title
Remote Upload <= 1.2.1 - Unrestricted File Upload