Key information

Vulnerability overview
Vulnerability name: WordPress STAGGS Plugin <= 2.11.0 is vulnerable to Arbitrary File Upload
Priority: High priority
CVSS score: 10
Risk: This vulnerability is highly dangerous and expected to become mass exploited.

Affected versions
Vulnerable versions: <= 2.11.0
Fixed version: 2.12.0

Vulnerability type
Type: Arbitrary File Upload
Description: This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website.

Solution
1. Automatically mitigate the vulnerability: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until you have updated to a fixed version.
2. Update to version 2.12.0 or later: Update to version 2.12.0 or later to remove the vulnerability.

Timeline
Reported: 31 Mar 2025
Early warning sent to Patchstack customers: 16 May 2025
Published: 18 May 2025

Other information
Software: STAGGS
Type: Plugin
Vulnerable versions: <= 2.11.0
Fixed version: 2.12.0