CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24549

The AceIDE WordPress plugin through 2.6.2 does not sanitise or validate the user input which is appended to system paths before using it in various actions, such as to read arbitrary files from the server. This allows high privilege users such as administrator to access any file on the web server outside of the blog directory via a path traversal attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 76.2%

CVSS Severity

CVSS v3 Score 4.9

CVSS v2 Score 4.0

References

https://codevigilant.com/disclosure/2021/wp-plugin-aceide/
https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a
https://codevigilant.com/disclosure/2021/wp-plugin-aceide/
https://wpscan.com/vulnerability/c594abaf-b152-448c-8a20-9b3267fe547a

Products affected by CVE-2021-24549

Aceide Project » Aceide » Version: N/A

cpe:2.3:a:aceide_project:aceide:-
Aceide Project » Aceide » Version: 2.6.2

cpe:2.3:a:aceide_project:aceide:2.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24549

Products

Pricing

Contact Us