CVE-2021-24224

EUVD-2021-11138
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
easy-form-builder-by-bitware_projecteasy-form-builder-by-bitware
𝑥
≤ 1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484