Arbitrary file upload in WooCommerce Help Scout

CVE-2021-24212

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.

Vulnerability class: Unrestricted File Upload

EPSS: 0.745 (98.9th percentile)

Affected products

  • Unknown WooCommerce Help Scout: versions before 2.9.1

Weakness classification (CWE)

  • Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2021-24212?
CVE-2021-24212 is a vulnerability in WooCommerce Help Scout, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-04-05.
Is CVE-2021-24212 known to be exploited?
4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.