CVE-2021-24311

Опубликовано: 01 июн. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34 was vulnerable to arbitrary file uploads via any authenticated users.

Ссылки

https://wpscan.com/vulnerability/4fb90999-6f91-4200-a0cc-bfe9b34a5de9
Exploit
Third Party Advisory
https://www.wordfence.com/blog/2021/05/critical-vulnerability-patched-in-external-media-plugin/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/4fb90999-6f91-4200-a0cc-bfe9b34a5de9
Exploit
Third Party Advisory
https://www.wordfence.com/blog/2021/05/critical-vulnerability-patched-in-external-media-plugin/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:external_media_project:external_media:*:*:*:*:*:wordpress:*:*

Версия до 1.0.34 (исключая)

EPSS

Процентиль: 83%

0.01894

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-hmcx-73wq-2qf4

github

больше 3 лет назад