CRITICAL
background-image-cropper
CVE published 2026-06-08
CVE-2024-58348
CVE-2024-58348 is a critical remote code execution vulnerability in WordPress Background Image Cropper version 1.2. The vulnerability allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint, enabling the execution of arbitrary code on the server. The CVSS score for this vulnerability is 9.3, indicating a critical severity.