WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE

Description

The plugin allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

Note (WPScanTeam):
- The issue has been escalated to Envato on March 30th, 2021 and the plugin has been removed from the marketplace.
- The issue seems to be exploited since a few months by malicious actors, as some reviews/comments suggest (https://codecanyon.net/item/business-hours-pro-wordpress-plugin/reviews/9414879)

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

iva-business-hours-pro
No known fix

References

CVE
CVE-2021-24240
URL
https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879

Classification

Type

UPLOAD

CWE
CWE-434

Miscellaneous

Original Researcher

Harald Eilertsen

Submitter

Harald Eilertsen

Submitter website
https://jetpack.com
Verified

Yes

WPVDB ID
10528cb2-12a1-43f7-9b7d-d75d18fdf5bb

Timeline

Publicly Published

2021-04-02 (about 2 years ago)

Added

2021-04-02 (about 2 years ago)

Last Updated

2021-04-04 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin