CVE-2021-24224
Published Apr 12, 2021
Last updated 4 years ago
Overview
- Description
- The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- contact@wpscan.com
- CWE-434
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "73FE31DC-C7F1-4728-883F-C8ED50EC7600",
"versionEndIncluding": "1.0"
}
],
"operator": "OR"
}
]
}
]