CVE-2024-58348EPSS p50.7%

CVE-2024-58348CVE-2024-58348

Description

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

Scoring

CVSS 9.8 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.77% probability of exploitation · percentile 50.7% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-13329
CVE
CVE-2024-58349
CVE
CVE-2025-9561
CVE
CVE-2025-2512
CVE
CVE-2025-12154
CVE
WordPress File Manager Plugin Remote Code Execution Vulnerability
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.