CVE-2024-5807

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ Exploit Third Party Advisory
https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*
History

28 May 2025, 00:50

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ - () https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ - Exploit, Third Party Advisory
CPE cpe:2.3:a:esterox:business_card:1.0.0:*:*:*:*:wordpress:*:*
CWE NVD-CWE-noinfo
First Time Esterox
Esterox business Card

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ - () https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ -

01 Aug 2024, 13:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.2

30 Jul 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) El complemento Business Card WordPress hasta la versión 1.0.0 no impide que los usuarios con privilegios elevados, como los administradores, carguen archivos PHP maliciosos, lo que podría permitirles ejecutar código arbitrario en los servidores que alojan su sitio, incluso en configuraciones Multisitio.

30 Jul 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-30 06:15

Updated : 2025-05-28 00:50

NVD link : CVE-2024-5807

Mitre link : CVE-2024-5807

CVE.ORG link : CVE-2024-5807

JSON object : View

Products Affected

esterox

  • business_card
CWE
NVD-CWE-noinfo