Vulnerability Description
The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aivahthemes | Business Hours Pro | <= 5.5.0 |
Related Weaknesses (CWE)
References
- https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879ProductThird Party Advisory
- https://wpscan.com/vulnerability/10528cb2-12a1-43f7-9b7d-d75d18fdf5bbThird Party Advisory
- https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879ProductThird Party Advisory
- https://wpscan.com/vulnerability/10528cb2-12a1-43f7-9b7d-d75d18fdf5bbThird Party Advisory
FAQ
What is CVE-2021-24240?
CVE-2021-24240 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vuln...
How severe is CVE-2021-24240?
CVE-2021-24240 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-24240?
Check the references section above for vendor advisories and patch information. Affected products include: Aivahthemes Business Hours Pro.