Vulnerability Details : CVE-2021-24224
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
Products affected by CVE-2021-24224
- Easy-form-builder-by-bitware Project » Easy-form-builder-by-bitware » For WordPress
  - Versions up to, including, (<=) 1.0
  - cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24224
- 0.20%: Probability of exploitation activity in the next 30 days
- ~ 58 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-24224
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST | |
CWE ids for CVE-2021-24224
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: contact@wpscan.com (Primary)
References for CVE-2021-24224
- https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484 (Third Party Advisory)
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md (Exploit; Third Party Advisory)