CVE-2024-11617 – “Envolve Plugin WordPress File Upload Vulnerability”

May 9, 2025

CVE ID : CVE-2024-11617

Published : May 9, 2025, 7:16 a.m. | 59 minutes ago

Description : The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ‘zetra_languageUpload’ and ‘zetra_fontsUpload’ functions in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2253 – IMITHEMES Listing Plugin Privilege Escalation Vulnerability

Next Article May 2025 Patch Tuesday forecast: Panic, change, and hope

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

3 portable power stations I travel everywhere with (and how they differ)

I tried Lenovo’s new rollable ThinkBook and can’t go back to regular-sized screens

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

spatie/laravel-flare

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

The Creators of the Acclaimed Silent Hill 2 Remake Present a Deep Dive Into the Story of Their Newest Horror Game IP — and It’s So Bizarre and Insane That It’s Convinced Me To Put It on My Wishlist

Forget Back to School Deals — Lenovo’s Clearance Sale is Where You’ll Find Amazing Discounts on Laptops, Mini PCs, and More, While Supplies Last

The Gaming Desktop I’ve Relied on More Than Any Other Is More Powerful and Sleeker Than Ever — But Damn, It’s Expensive

CVE-2024-11617 – “Envolve Plugin WordPress File Upload Vulnerability”

Android adware: What is it, and how do I get it off my device?

Black Hat USA 2025: Is a high cyber insurance premium about your risk, or your insurer’s?

“We want to get the gang back together.” Star Wars Battlefront 2 devs say they’d come back as player counts skyrocket, fans clamor for Battlefront 3 after Andor

HPE Aruba Networking Patches Sensitive Data Exposure Vulnerability in Private 5G Core Platform

CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

CVE-2025-36504 – BIG-IP HTTP/2 httprouter Profile Memory Consumption Vulnerability

CVE-2025-3092 – Cisco WebEx Brute Force User Enumeration

CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

CVE-2025-8750 – Macrozheng Mall Cross-Site Scripting Vulnerability

IPFire 2.29 Core Update 194: Tutte le novità del firewall GNU/Linux con kernel 6.12 LTS

CVE-2024-11617 – “Envolve Plugin WordPress File Upload Vulnerability”

Related Posts