CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24224

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 77.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484

Products affected by CVE-2021-24224

Easy-Form-Builder-By-Bitware Project » Easy-Form-Builder-By-Bitware » Version: N/A

cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:-
Easy-Form-Builder-By-Bitware Project » Easy-Form-Builder-By-Bitware » Version: 1.0

cpe:2.3:a:easy-form-builder-by-bitware_project:easy-form-builder-by-bitware:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24224

Products

Pricing

Contact Us