WordPress Plugin Vulnerabilities

Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE

Description

The plugin did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE

Proof of Concept

Affects Plugins

Plugin icon
business-directory-plugin
Fixed in 5.11.1

References

CVE
CVE-2021-24248

Miscellaneous

Original Researcher
0xB9
Submitter
0xB9
Submitter twitter
0xB9sec
Verified
Yes
WPVDB ID
ca886a34-cd2b-4032-9de1-8089b5cf3001

Timeline

Publicly Published
2021-04-11 (about 4 years ago)
Added
2021-04-12 (about 4 years ago)
Last Updated
2022-05-07 (about 3 years ago)

Other

Published
Title
Published
2024-10-01
Title
WP Hotel Booking < 2.1.3 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-10-17
Title
WP REST API FNS <= 1.0.0 - Unauthenticated Arbitrary File Upload
Published
2024-06-22
Title
Wp EMember < 10.6.6 - Authenticated (Admin+) Arbitrary File Upload
Published
2024-05-14
Title
Copymatic – AI Content Writer & Generator < 1.7 - Unauthenticated Arbitrary File Upload
Published
2025-07-04
Title
Groundhogg < 4.2.2 - Authenticated (Sales Rep+) Arbitrary File Upload