Back to search
CVE-2021-24377
Published: Jun 21, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Autoptimize | affected 2.7.8 - < 2.7.8 |
Weaknesses (CWE)
References
https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now