CVE-2021-24248

CVE-2021-24248: Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE

Vendor Business Directory Team
Product Business Directory Plugin – Easy Listing Directories for WordPress
Weakness CWE-434 · Unrestricted file upload
Published May 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.1 did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE

Key dates

02Disclosure timeline

May 5, 2021 CVE published
August 3, 2024 Record updated