CVE-2021-24252: Event Banner <= 1.3 - Arbitrary File Upload to RCE
First published: Wed May 05 2021(Updated: )
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WP Event Manager | <=1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-24252.
What is the severity of CVE-2021-24252?
The severity of CVE-2021-24252 is high with a CVSS score of 7.2.
Which software version is affected by CVE-2021-24252?
The Event Banner WordPress plugin version up to and including 1.3 is affected by CVE-2021-24252.
How does CVE-2021-24252 allow RCE?
CVE-2021-24252 allows remote code execution (RCE) by allowing admin accounts to upload arbitrary files, such as .exe or .php, due to the lack of uploaded image file verification.
Is there a CSRF vulnerability associated with CVE-2021-24252?
Yes, the lack of CSRF check in CVE-2021-24252 allows the exploitation of the vulnerability through CSRF attacks as well.
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/last-modified-date
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wp-eventmanager
- canonical/wp event manager
- version/wp event manager/1.3