Vulnerabilities > CVE-2021-24224 - Unspecified vulnerability in Easy-Form-Builder-By-Bitware Project Easy-Form-Builder-By-Bitware 1.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

easy-form-builder-by-bitware-project

NVD

Published: 2021-04-12

Updated: 2024-11-21

Summary

The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.

Vulnerable Configurations

Part	Description	Count
Application	Easy-Form-Builder-By-Bitware_Project Easy Form Builder BY Bitware Project Easy Form Builder BY Bitware - Easy Form Builder BY Bitware Project Easy Form Builder BY Bitware 1.0	2

References

https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484