CVE-2021-24284
- Reference to the description:
- Description:
- The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
- Last updated date:
- 09/28/2022
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 07/13/2022
- Reference url to background
https://www.wordfence.com/blog/2022/07/attacks-on-modern-wpbakery-page-builder-addons-vulnerability/
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/21/2021
- Reference url to background
https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/28/2022