logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE

Description

The plugin allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.

Note (WPScanTeam):
- The issue has been escalated to Envato on March 30th, 2021 and the plugin has been removed from the marketplace.
- The issue seems to be exploited since a few months by malicious actors, as some reviews/comments suggest (https://codecanyon.net/item/business-hours-pro-wordpress-plugin/reviews/9414879)

Proof of Concept

The PoC will be displayed once the issue has been remediated

Affects Plugins

iva-business-hours-pro

No known fix

References

CVE

CVE-2021-24240

URL

https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879

Classification

Type

UPLOAD

CWE

CWE-434

Miscellaneous

Original Researcher

Harald Eilertsen

Submitter

Harald Eilertsen

Submitter website

https://jetpack.com

Verified

Yes

WPVDB ID

10528cb2-12a1-43f7-9b7d-d75d18fdf5bb

Timeline

Publicly Published

2021-04-02 (about 9 months ago)

Added

2021-04-02 (about 9 months ago)

Last Updated

2021-04-04 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin