exploitDog

CVE-2021-24240

Опубликовано: 22 апр. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

Ссылки

https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879
Product
Third Party Advisory
https://wpscan.com/vulnerability/10528cb2-12a1-43f7-9b7d-d75d18fdf5bb
Third Party Advisory
https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879
Product
Third Party Advisory
https://wpscan.com/vulnerability/10528cb2-12a1-43f7-9b7d-d75d18fdf5bb
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aivahthemes:business_hours_pro:*:*:*:*:*:wordpress:*:*

Версия до 5.5.0 (включая)

EPSS

Процентиль: 92%

0.08068

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

CWE-434

Связанные уязвимости

GHSA-mwhf-wq2w-263x

github

больше 3 лет назад

The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

EPSS

Процентиль: 92%

0.08068

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

CWE-434