Main Vulnerability Database Vulnerabilities #VU99656

Arbitrary file upload in Wux Blog Editor - CVE-2024-9932

Published: November 4, 2024 / Updated: February 27, 2026

Vulnerability identifier: #VU99656

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2024-9932

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Jurre de Klijn

Affected software:
Wux Blog Editor

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in the "wuxbt_insertImageNew" function. A remote attacker can upload a malicious file and execute it on the server.

How to mitigate CVE-2024-9932

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources

https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cve
https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675

Arbitrary file upload in Wux Blog Editor - CVE-2024-9932

Detailed vulnerability description

How to mitigate CVE-2024-9932

Sources

Please verify you're human