What is CVE-2021-24284?

CVE-2021-24284 is a vulnerability in Sayenthemes Kaswara Modern Vc Addons, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-05-14.

Is CVE-2021-24284 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Sayenthemes Kaswara Modern Vc Addons

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with…

Vulnerability class: Unrestricted File Upload

EPSS: 0.680 (98.6th percentile) — read the EPSS interpretation.

Affected products

Sayenthemes Kaswara Modern Vc Addons — versions 3.0.1

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

References

wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5 (x_refsource_CONFIRM)
codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477 (x_refsource_MISC)
packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Bui… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24284?: CVE-2021-24284 is a vulnerability in Sayenthemes Kaswara Modern Vc Addons, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-05-14.
Is CVE-2021-24284 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.