CRITICALVulnerability
Verified
Global

NVD CRITICAL: CVE-2024-58348 — WordPress Background Image Cropper version 1.2 contains a remote code execution ...

·Source: NIST NVD

Updated:

Executive Summary

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server.

Analysis

WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attackers can upload PHP files through the file upload form in the plugin directory to execute arbitrary code on the server. CVSS Score: 9.8. Published: 2026-06-08T02:16:23.267.

Indicators of Compromise (1)

CVE (1)
CVE-2024-58348
NVDMITRE CVE
Source Attribution

Originally published by NIST NVD on Jun 8, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

TradeStation expands into Europe

TradeStation Group, Inc. (“TradeStation”) today announced the launch of TradeStation Europe B.V. (“TradeStation Europe”), a fully licensed MiFID Investment Firm in the European Union, regulated by the Dutch Authority for the Financial Markets (AFM) in the Netherlands, to operate as an investment services firm in Europe.

Finextra
MEDIUMVulnerabilityNEW

Microsoft: Some Windows PCs fail to install latest monthly updates

Microsoft warned customers on Tuesday that they may have issues installing the latest monthly updates on some Windows devices that were upgraded to Windows 11 24H2 or 25H2. [...]

BleepingComputer
MEDIUMVulnerability

Top Japanese banks plot stablecoin roll out

Three of Japan's top banks have joined forces to issue a Yen-backed stablecoin in 2026.

Finextra