CVE-2021-24981

Published: Dic 21, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2021-11893 Aliases: GSD-2021-24981

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: required

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

MEDIUM 5,1

Source: [email protected]

Access Vector: network

Access Complexity: high

Authentication: none

Confidentiality: partial

Integrity: partial

Availability: partial

Description

AI Translation Available

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0022

Percentile

0,4th

Updated

EPSS Score Trend (Last 90 Days)

352

Cross-Site Request Forgery (CSRF)

Stable

Abstraction: Compound Structure: Composite

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Availability Non-Repudiation Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Web Based, Web Server

Likelihood of Exploit: Medium

View CWE Details

434

Unrestricted Upload of File with Dangerous Type

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability

Potential Impacts:

Execute Unauthorized Code Or Commands

Applicable Platforms

Languages: ASP.NET, Not Language-Specific, PHP

Technologies: Web Server

Likelihood of Exploit: Medium

View CWE Details

Application

Directorist by Wpwax

Product Information

Vendor Wpwax

Product Directorist

Version Range Affected

To 7.0.6.2 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:wpwax:directorist:*:*:*:*:*:wordpress:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://blog.sucuri.net/2021/11/fake-ransomware-infection-s…

Exploit Third Party Advisory

https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners…

https://wpscan.com/vulnerability/4c45df6d-b3f6-49e5-8b1f-ed…

Exploit Third Party Advisory

https://wpscan.com/vulnerability/4c45df6d-b3f6-49e5-8b1f-edd32a12d71c

https://blog.sucuri.net/2021/11/fake-ransomware-infection-s…

Exploit Third Party Advisory

https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners…

https://wpscan.com/vulnerability/4c45df6d-b3f6-49e5-8b1f-ed…

Exploit Third Party Advisory

https://wpscan.com/vulnerability/4c45df6d-b3f6-49e5-8b1f-edd32a12d71c

CVE-2021-24981

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Cross-Site Request Forgery (CSRF)

Common Consequences

Applicable Platforms

Unrestricted Upload of File with Dangerous Type

Common Consequences

Applicable Platforms

Directorist by Wpwax

Product Information

Iscriviti alla newsletter