SB2024110419 - Multiple vulnerabilities in Wux Blog Editor plugin for WordPress
Published: November 4, 2024 Updated: February 27, 2026
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Arbitrary file upload (CVE-ID: CVE-2024-9932)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of files during upload in the "wuxbt_insertImageNew" function. A remote attacker can upload a malicious file and execute it on the server.
2) Improper Authentication (CVE-ID: CVE-2024-9931)
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to an error when processing authentication requests. A remote attacker can log in as the first administrator user.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
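With no vendor fix listed, the first practical step is to inventory where the plugin is installed and triage those sites for uploaded script files. The script below is an added example, not code from this bulletin or from the plugin; it assumes the plugin directory uses the slug `wux-blog-editor` seen in the plugins.trac reference, a standard `wp-content` layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory and triage helper for the plugin named in this bulletin.
# Assumption: the plugin directory is named after its WordPress.org slug,
# taken from the plugins.trac URL in the References section.
PLUGIN_SLUG="wux-blog-editor"

# Print "<plugin dir> version=<x>" for every copy of the plugin below root $1.
find_wux_installs() {
    find "$1" -type d -path "*/wp-content/plugins/$PLUGIN_SLUG" 2>/dev/null |
    while IFS= read -r dir; do
        # WordPress takes the plugin version from a "Version:" header comment
        # in a top-level PHP file of the plugin directory.
        ver=$(grep -h -m1 '^[[:space:]/*#@]*Version:' "$dir"/*.php 2>/dev/null |
              head -n1 | tr -d '\r' |
              sed 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//')
        printf '%s version=%s\n' "$dir" "${ver:-unknown}"
    done
}

# List script-like files under the uploads tree below root $1.
# Assumption: uploads land in the standard wp-content/uploads directory;
# the bulletin does not say where the plugin stores uploaded files.
list_upload_scripts() {
    find "$1" -type f -path '*/wp-content/uploads/*' \
        \( -iname '*.php*' -o -iname '*.phtml' -o -iname '*.phar' \) 2>/dev/null
}

# Usage: sh wux_triage.sh /var/www   (the path is a placeholder web root)
if [ "$#" -gt 0 ]; then
    echo "== Installed copies of $PLUGIN_SLUG =="
    find_wux_installs "$1"
    echo "== Script files under wp-content/uploads (review each) =="
    list_upload_scripts "$1"
fi
```

A hit from the first function means the site is exposed to both issues until the plugin is deactivated and removed; hits from the second are leads to review, not proof of compromise.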
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cve
- https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675
- https://www.wordfence.com/threat-intel/vulnerabilities/id/494ef738-c900-4d00-8739-3b261586d4ff?source=cve