CVE-2021-24254

CVE-2021-24254: College Publisher Import <= 0.1 - Arbitrary File Upload to RCE

Vendor Unknown
Product College publisher Import
Weakness CWE-434 · Unrestricted file upload
Published May 5, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.

Key dates

02Disclosure timeline

May 5, 2021 CVE published
August 3, 2024 Record updated