What is CVE-2014-10021?

CVE-2014-10021 is a vulnerability in Wpsymposiumpro Wp_symposium. Published 2015-01-13.

Is CVE-2014-10021 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Wpsymposiumpro Wp_symposium

CVE-2014-10021

Unrestricted file upload vulnerability in UploadHandler.php in the WP Symposium plugin 14.11 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct r…

EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.

Affected products

Wpsymposiumpro Wp_symposium — versions 14.11
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
20142995/nuclei-templates

References

35543 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
71686 (vdb-entry, x_refsource_BID, Broken Link)

Frequently asked questions

What is CVE-2014-10021?: CVE-2014-10021 is a vulnerability in Wpsymposiumpro Wp_symposium. Published 2015-01-13.
Is CVE-2014-10021 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.