QwikSec

Security Database

CVE

CWE

Training

CVE-2021-24224

Published: Apr 12, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.

Vendor	Product	Versions
Unknown	Easy Form Builder	affected `1.0 - <= 1.0`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484

x_refsource_CONFIRM

https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.