WordPress Plugin Vulnerabilities

Classyfrieds <= 3.8 - Authenticated Arbitrary File Upload to RCE

Description

The plugin does not properly check the uploaded file when an authenticated user adds a listing, only checking the content-type in the request. This allows any authenticated user to upload arbitrary PHP files via the Add Listing feature of the plugin, leading to RCE.

Proof of Concept

Affects Plugins

Plugin icon
classyfrieds
No known fix

References

CVE
CVE-2021-24253
URL
https://github.com/jinhuang1102/CVE-ID-Reports/blob/master/classyfrieds.md

Miscellaneous

Original Researcher
Jin Huang
Submitter
Jin Huang
Submitter website
https://github.com/jinhuang1102
Submitter twitter
JinHWhite412Ash
Verified
Yes
WPVDB ID
ee42c233-0ff6-4b27-a5ec-ad3246bef079

Timeline

Publicly Published
2021-04-10 (about 4 years ago)
Added
2021-04-12 (about 4 years ago)
Last Updated
2021-04-14 (about 4 years ago)

Other

Published
Title
Published
2016-08-01
Title
Adblock Blocker 0.0.1 - Arbitrary File Upload
Published
2023-11-30
Title
Contact Form 7 < 5.8.4 - Authenticated (Editor+) Arbitrary File Upload
Published
2024-07-08
Title
Advanced File Manager Shortcode < 2.5.4 - Authenticated (Contributor+) Arbitrary File Upload
Published
2025-08-28
Title
Booster for WooCommerce < 7.2.5 - Unauthenticated Double Extension Arbitrary File Upload
Published
2024-03-29
Title
Chauffeur Taxi Booking System for WordPress < 7.3 - Unauthenticated Arbitrary File Upload