Vulnerability Details CVE-2021-24254
The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.9%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
References
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md
- https://wpscan.com/vulnerability/bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4
- https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.md
- https://wpscan.com/vulnerability/bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4
Products affected by CVE-2021-24254
-
cpe:2.3:a:college_publisher_import_project:college_publisher_import:*