Vulnerability Description
The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| N5 Upload Form Project | N5 Upload Form | <= 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f720956ExploitThird Party Advisory
- https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5dbExploitThird Party Advisory
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f720956ExploitThird Party Advisory
- https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5dbExploitThird Party Advisory
FAQ
What is CVE-2021-24223?
CVE-2021-24223 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be h...
How severe is CVE-2021-24223?
CVE-2021-24223 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24223?
Check the references section above for vendor advisories and patch information. Affected products include: N5 Upload Form Project N5 Upload Form.