What is CVE-2021-24499?

CVE-2021-24499 is a vulnerability in Workreap, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-08-09.

Is CVE-2021-24499 known to be exploited?

19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Workreap

CVE-2021-24499

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowe…

Vulnerability class: Unrestricted File Upload

EPSS: 0.939 (99.9th percentile) — read the EPSS interpretation.

Affected products

Unknown Workreap — versions 2.2.2

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

j4k0m/CVE-2021-24499
jayhutajulu1/CVE-2021-24499
jytmX/CVE-2021-24499
hh-hunter/cve-2021-24499
Mr-xn/Penetration_
RyouYoo/CVE-2021-24499
buka-pitch/Exploit-for-WordPress-Theme-Workreap-2.2.2
k0mi-tg/CVE-POC
lions2012/Penetration_
manas3c/CVE-POC

References

wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb
jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/
packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html

Frequently asked questions

What is CVE-2021-24499?: CVE-2021-24499 is a vulnerability in Workreap, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-08-09.
Is CVE-2021-24499 known to be exploited?: 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.