CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.913

EPSS Ranking 99.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html
https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477
https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5
http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html
https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477
https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5

Products affected by CVE-2021-24284

Kaswara Project » Kaswara » Version: N/A

cpe:2.3:a:kaswara_project:kaswara:-
Kaswara Project » Kaswara » Version: 3.0.1

cpe:2.3:a:kaswara_project:kaswara:3.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24284

Products

Pricing

Contact Us