Total
2975 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24254 | 1 College Publisher Import Project | 1 College Publisher Import | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack. | |||||
| CVE-2021-24253 | 1 Classyfrieds Project | 1 Classyfrieds | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE. | |||||
| CVE-2021-24252 | 1 Wp-eventmanager | 1 Event Banner | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded) | |||||
| CVE-2021-24248 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE | |||||
| CVE-2021-24240 | 1 Aivahthemes | 1 Business Hours Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability. | |||||
| CVE-2021-24236 | 1 Imagements Project | 1 Imagements | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE. | |||||
| CVE-2021-24224 | 1 Easy-form-builder-by-bitware Project | 1 Easy-form-builder-by-bitware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE. | |||||
| CVE-2021-24223 | 1 N5 Upload Form Project | 1 N5 Upload Form | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial. | |||||
| CVE-2021-24222 | 1 Williamluis | 1 Wp-curriculo Vitae Free | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE. | |||||
| CVE-2021-24220 | 1 Thrivethemes | 10 Focusblog, Ignition, Luxe and 7 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by Thrive Themes WordPress theme before 2.0.0 register a REST API endpoint to compress images using the Kraken image optimization engine. By supplying a crafted request in combination with data inserted using the Option Update vulnerability, it was possible to use this endpoint to retrieve malicious code from a remote URL and overwrite an existing file on the site with it or create a new file.This includes executable PHP files that contain malicious code. | |||||
| CVE-2021-24216 | 1 Servmask | 1 One-stop Wp Migration | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations. | |||||
| CVE-2021-24212 | 1 Woocommerce | 1 Help Scout | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp. | |||||
| CVE-2021-24160 | 1 Expresstech | 1 Responsive Menu | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site. | |||||
| CVE-2021-24155 | 1 Backup-guard | 1 Backup Guard | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE. | |||||
| CVE-2021-24145 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request. | |||||
| CVE-2021-24123 | 1 Blubrry | 1 Powerpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE. | |||||
| CVE-2021-23814 | 1 Unisharp | 1 Laravel-filemanager | 2024-11-21 | 6.5 MEDIUM | 6.7 MEDIUM |
| This affects the package unisharp/laravel-filemanager from 0.0.0. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: - Install a package with a web Laravel application. - Navigate to the Upload window - Upload an image file, then capture the request - Edit the request contents with a malicious file (webshell) - Enter the path of file uploaded on URL - Remote Code Execution **Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories). | |||||
| CVE-2021-23562 | 1 Tiny | 1 Plupload | 2024-11-21 | 6.8 MEDIUM | 4.2 MEDIUM |
| This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file. | |||||
| CVE-2021-23394 | 1 Std42 | 1 Elfinder | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP. | |||||
| CVE-2021-23280 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability. | |||||