CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24663

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 69.9%

CVSS Severity

CVSS v3 Score 7.2

CVSS v2 Score 6.5

References

https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a
https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a

Products affected by CVE-2021-24663

Simple Schools Staff Directory Project » Simple Schools Staff Directory » Version: Any

cpe:2.3:a:simple_schools_staff_directory_project:simple_schools_staff_directory:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24663

Products

Pricing

Contact Us