CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24253

The Classyfrieds WordPress plugin through 3.8 does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.011

EPSS Ranking 77.4%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2021-24253

Classyfrieds Project » Classyfrieds » Version: N/A

cpe:2.3:a:classyfrieds_project:classyfrieds:-
Classyfrieds Project » Classyfrieds » Version: 3.3

cpe:2.3:a:classyfrieds_project:classyfrieds:3.3
Classyfrieds Project » Classyfrieds » Version: 3.5

cpe:2.3:a:classyfrieds_project:classyfrieds:3.5
Classyfrieds Project » Classyfrieds » Version: 3.6

cpe:2.3:a:classyfrieds_project:classyfrieds:3.6
Classyfrieds Project » Classyfrieds » Version: 3.7

cpe:2.3:a:classyfrieds_project:classyfrieds:3.7
Classyfrieds Project » Classyfrieds » Version: 3.8

cpe:2.3:a:classyfrieds_project:classyfrieds:3.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24253

Products

Pricing

Contact Us