Vulnerability Description
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Easy-Form-Builder-By-Bitware Project | Easy-Form-Builder-By-Bitware | <= 1.0 |
Related Weaknesses (CWE)
References
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b112ExploitThird Party Advisory
- https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484Third Party Advisory
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b112ExploitThird Party Advisory
- https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484Third Party Advisory
FAQ
What is CVE-2021-24224?
CVE-2021-24224 is a vulnerability with a CVSS score of 8.8 (HIGH). The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing ...
How severe is CVE-2021-24224?
CVE-2021-24224 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24224?
Check the references section above for vendor advisories and patch information. Affected products include: Easy-Form-Builder-By-Bitware Project Easy-Form-Builder-By-Bitware.