Vulnerability Details : CVE-2021-24663
Potential exploit
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that they are indeed images, allowing high-privilege users such as admin to upload arbitrary files such as PHP, leading to RCE.
Products affected by CVE-2021-24663
- Simple Schools Staff Directory Project » Simple Schools Staff Directory » For Wordpress
  Versions up to, including, (<=) 1.1
  cpe:2.3:a:simple_schools_staff_directory_project:simple_schools_staff_directory:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-24663
- 0.88%: Probability of exploitation activity in the next 30 days
- ~73%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-24663
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
CWE ids for CVE-2021-24663
- The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. Assigned by: contact@wpscan.com (Primary)
References for CVE-2021-24663
- https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a (Exploit; Third Party Advisory)