CVE-2021-24212: Malicious File Upload
First published: Mon Apr 05 2021(Updated: )
The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WooCommerce Help Scout WordPress | <2.9.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-24212?
The severity of CVE-2021-24212 is critical with a CVSS score of 9.8.
What is the vulnerability description of CVE-2021-24212?
CVE-2021-24212 is a vulnerability in the WooCommerce Help Scout WordPress plugin before version 2.9.1 that allows unauthenticated users to upload any files to the site, which may end up in wp-content/uploads/hstmp.
How can an attacker exploit CVE-2021-24212?
An attacker can exploit CVE-2021-24212 by uploading arbitrary files to the vulnerable site.
Is authentication required to exploit CVE-2021-24212?
No, CVE-2021-24212 does not require authentication for exploitation.
How can I fix CVE-2021-24212?
To fix CVE-2021-24212, you should update the WooCommerce Help Scout WordPress plugin to version 2.9.1 or later.
- collector/nvd-index
- vendor/woocommerce
- canonical/woocommerce help scout wordpress