Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24960 | 1 Iptanus | 2 Wordpress File Upload, Wordpress File Upload Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way that allows uploading of SVG files, which could be then be used for Cross-Site Scripting attacks
|
|||||
| CVE-2021-24947 | 1 Thinkupthemes | 1 Responsive Vector Maps | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server
|
|||||
| CVE-2021-24663 | 1 Simple Schools Staff Directory Project | 1 Simple Schools Staff Directory | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
|
|||||
| CVE-2021-24620 | 1 Simple-e-commerce-shopping-cart Project | 1 Simple-e-commerce-shopping-cart | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP to be uploaded by an administrator. Furthermore, as there is no CSRF in place, attackers could also make a logged admin upload a malicious PHP file, which would lead to RCE
|
|||||
| CVE-2021-24499 | 1 Amentotech | 1 Workreap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.
|
|||||
| CVE-2021-24493 | 1 Ingenesis | 1 Shopp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of malicious files, such as PHP, allowing unauthenticated users to upload arbitrary files and leading to RCE
|
|||||
| CVE-2021-24490 | 1 Email Artillery Project | 1 Email Artillery | 2024-11-21 | 6.0 MEDIUM | 6.8 MEDIUM |
|
The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin is also lacking any CSRF check, allowing such issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denying access to everything in the folder the file is uploaded to, the malicious uploaded file will only be accessible on Web Servers such as Nginx/IIS
|
|||||
| CVE-2021-24376 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extracted folders are not checked and it is possible to upload a zip which contained a directory with PHP file in it and then it is not removed from the disk. It is a bypass of CVE-2020-24948 which allows sending a PHP file via the "Import Settings" functionality to achieve Remote Code Execution.
|
|||||
| CVE-2021-24370 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
|
|||||
| CVE-2021-24311 | 1 External Media Project | 1 External Media | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users.
|
|||||
| CVE-2021-24284 | 1 Kaswara Project | 1 Kaswara | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
|
|||||
| CVE-2021-24254 | 1 College Publisher Import Project | 1 College Publisher Import | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.
|
|||||
| CVE-2021-24253 | 1 Classyfrieds Project | 1 Classyfrieds | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.
|
|||||
| CVE-2021-24252 | 1 Wp-eventmanager | 1 Event Banner | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)
|
|||||
| CVE-2021-24248 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE
|
|||||
| CVE-2021-24240 | 1 Aivahthemes | 1 Business Hours Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.
|
|||||
| CVE-2021-24236 | 1 Imagements Project | 1 Imagements | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The Imagements WordPress plugin through 1.2.5 allows images to be uploaded in comments, however only checks for the Content-Type in the request to forbid dangerous files. This allows unauthenticated attackers to upload arbitrary files by using a valid image Content-Type along with a PHP filename and code, leading to RCE.
|
|||||
| CVE-2021-24224 | 1 Easy-form-builder-by-bitware Project | 1 Easy-form-builder-by-bitware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
|
|||||
| CVE-2021-24223 | 1 N5 Upload Form Project | 1 N5 Upload Form | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.
|
|||||
| CVE-2021-24222 | 1 Williamluis | 1 Wp-curriculo Vitae Free | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.
|
|||||
| CVE-2021-24220 | 1 Thrivethemes | 10 Focusblog, Ignition, Luxe and 7 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by Thrive Themes WordPress theme before 2.0.0, Voice WordPress theme before 2.0.0, Performag by Thrive Themes WordPress theme before 2.0.0, Pressive by Thrive Themes WordPress theme before 2.0.0, Storied by ...
Show More |
|||||
| CVE-2021-24216 | 1 Servmask | 1 One-stop Wp Migration | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations.
|
|||||
| CVE-2021-24212 | 1 Woocommerce | 1 Help Scout | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
|
|||||
| CVE-2021-24160 | 1 Expresstech | 1 Responsive Menu | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These files could then be accessed via the front end of the site to trigger remote code execution and ultimately allow an attacker to execute commands to further infect a WordPress site.
|
|||||
| CVE-2021-24155 | 1 Backup-guard | 1 Backup Guard | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.
|
|||||
| CVE-2021-24145 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.
|
|||||
| CVE-2021-24123 | 1 Blubrry | 1 Powerpress | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privilege accounts (admin+) being able to upload arbitrary files, such as php, leading to RCE.
|
|||||
| CVE-2021-23562 | 1 Tiny | 1 Plupload | 2024-11-21 | 6.8 MEDIUM | 4.2 MEDIUM |
|
This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of file.
|
|||||
| CVE-2021-23394 | 1 Std42 | 1 Elfinder | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
|
|||||
| CVE-2021-23280 | 1 Eaton | 3 Intelligent Power Manager, Intelligent Power Manager Virtual Appliance, Intelligent Power Protector | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
|
Eaton Intelligent Power Manager (IPM) prior to 1.69 is vulnerable to authenticated arbitrary file upload vulnerability. IPM’s maps_srv.js allows an attacker to upload a malicious NodeJS file using uploadBackgroud action. An attacker can upload a malicious code or execute any command using a specially crafted packet to exploit the vulnerability.
|
|||||
| CVE-2021-23001 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, the upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
|
|||||
| CVE-2021-22968 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below.The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored in a directory with a random name, but it's possible to stall the uploads and brute force the directory name. You have to be an admin with the ability to upload files, but this bug gives you the abili ...
Show More |
|||||
| CVE-2021-22937 | 2 Ivanti, Pulsesecure | 2 Connect Secure, Pulse Connect Secure | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A vulnerability in Pulse Connect Secure before 9.1R12 could allow an authenticated administrator to perform a file write via a maliciously crafted archive uploaded in the administrator web interface.
|
|||||
| CVE-2021-22858 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Attackers can access the CGE account management function without privilege for permission elevation and execute arbitrary commands or files after obtaining user permissions.
|
|||||
| CVE-2021-22803 | 1 Schneider-electric | 1 Interactive Graphical Scada System Data Collector | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker, writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior)
|
|||||
| CVE-2021-22698 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a stack-based buffer overflow to occur which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
|
|||||
| CVE-2021-22697 | 1 Schneider-electric | 1 Ecostruxure Power Build - Rapsody | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in the EcoStruxure Power Build - Rapsody software (V2.1.13 and prior) that could allow a use-after-free condition which could result in remote code execution when a malicious SSD file is uploaded and improperly parsed.
|
|||||
| CVE-2021-21357 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default _fileDenyPattern_ successfully blocked files like _. ...
Show More |
|||||
| CVE-2021-21355 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default _fileDenyPattern_ successfully blocked files like _.htaccess_ or _malicious.php_. Besides that, _UploadedFileReferenceConverter_ transforming uploaded files into proper FileReference domain model objects ha ...
Show More |
|||||
| CVE-2021-21245 | 1 Onedev Project | 1 Onedev | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments f ...
Show More |
|||||