CVE-2021-24212

CVE-2021-24212: WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE

Vendor Unknown
Product WooCommerce Help Scout
Weakness CWE-434 · Unrestricted file upload
Published April 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.

Key dates

02Disclosure timeline

April 5, 2021 CVE published
August 3, 2024 Record updated