CVE-2021-24721 — MEDIUM (6.5)

Q: How severe is CVE-2021-24721?

CVE-2021-24721 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-24721?

Check the references section above for vendor advisories and patch information. Affected products include: Loco Translate Project Loco Translate.

Vulnerability Description

The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users being able to inject PHP code into files ending with .php in web accessible locations.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Loco Translate Project	Loco Translate	< 2.5.4

Related Weaknesses (CWE)

CWE-94

References

https://wpscan.com/vulnerability/bc7d4774-fce8-4b0b-8015-8ef4c5b02d38ExploitThird Party Advisory
https://wpscan.com/vulnerability/bc7d4774-fce8-4b0b-8015-8ef4c5b02d38ExploitThird Party Advisory

FAQ

What is CVE-2021-24721?

CVE-2021-24721 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users be...

How severe is CVE-2021-24721?

CVE-2021-24721 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-24721?

Check the references section above for vendor advisories and patch information. Affected products include: Loco Translate Project Loco Translate.