CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24252

The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.0%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md
https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c
https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.md
https://wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7c

Products affected by CVE-2021-24252

Wp-Eventmanager » Event Banner » Version: Any

cpe:2.3:a:wp-eventmanager:event_banner:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24252

Products

Pricing

Contact Us