WordPress Plugin Vulnerabilities

WP-Curricul Vitea Free <= 6.3 - Unauthenticated Arbitrary File Upload to RCE

Description

The plugin suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.

Proof of Concept

The PoC will be displayed once the issue has been remediated.

Affects Plugins

Plugin icon
wp-curriculo-vitae
No known fix

References

CVE
CVE-2021-24222
URL
https://github.com/jinhuang1102/CVE-ID-Reports/blob/145fc4e34c9b9799275c8e19d6b02f544c88126b/WP_Curriculo_Free.md

Miscellaneous

Original Researcher
Jin Huang
Submitter
Jin Huang
Submitter website
https://github.com/jinhuang1102
Submitter twitter
JinHuan70342329
Verified
Yes
WPVDB ID
4d715de6-8595-4da9-808a-04a28e409900

Timeline

Publicly Published
2021-03-26 (about 3 years ago)
Added
2021-03-26 (about 3 years ago)
Last Updated
2021-04-01 (about 3 years ago)

Other

Published
Title
Published
2023-04-04
Title
Zyrex Popup < 1.1 - Admin+ Arbitrary File Upload
Published
2021-03-26
Title
N5 Upload Form <= 1.0 - Unauthenticated Arbitrary File Upload to RCE
Published
2021-09-13
Title
Download from files <= 1.48 - Unauthenticated Arbitrary File Upload
Published
2024-03-25
Title
Everest Backup < 2.2.5 - Admin+ Arbitrary File Upload
Published
2012-06-07
Title
MM Forms & MM Forms Community 2.2.6 - Unauthenticated Arbitrary File Upload