CVE-2021-24284 - Unspecified vulnerability in Kaswara Project Kaswara 3.0.1
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zip file is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
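
The check the summary describes as missing, sketched as an added example (not the plugin's code, and written in Python rather than the plugin's PHP): every member of an uploaded archive is vetted before anything is extracted. The allowed extensions, the size cap and the function names are assumptions, and the sample archives are constructed in memory.

```python
import io
import posixpath
import zipfile

# Assumptions (not taken from the plugin): what an icon-font pack may contain.
ALLOWED_EXT = {".css", ".json", ".svg", ".ttf", ".eot", ".woff", ".woff2"}
SCRIPT_PARTS = {"phtml", "pht", "phar"}  # plus anything starting with "php"
MAX_UNPACKED_BYTES = 20 * 1024 * 1024


def vet_font_archive(data: bytes) -> list:
    """Return the reasons to reject an uploaded archive; [] means safe to extract."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    problems, total = [], 0
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.replace("\\", "/")
            total += info.file_size
            norm = posixpath.normpath(name)
            if name.startswith("/") or norm == ".." or norm.startswith("../"):
                problems.append(f"{info.filename}: escapes the target directory")
                continue
            base = posixpath.basename(norm).lower()
            parts = base.split(".")[1:]  # every suffix, so "x.php.svg" is caught
            if any(p.startswith("php") or p in SCRIPT_PARTS for p in parts):
                problems.append(f"{info.filename}: server-side script extension")
            elif posixpath.splitext(base)[1] not in ALLOWED_EXT:
                problems.append(f"{info.filename}: file type not allowed")
    if total > MAX_UNPACKED_BYTES:
        problems.append("unpacked size exceeds limit")
    return problems


def build_zip(names) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()


if __name__ == "__main__":
    print(vet_font_archive(build_zip(["icons/style.css", "icons/shell.php"])))
```

An archive is extracted only when the returned list is empty; the action that accepts the upload would still need its own authentication check, which this sketch does not cover.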
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
References
- http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html
- https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477
- https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5