CVE-2021-24757: Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload

Vendor: Unknown
Product: Stylish Price List
Weakness: CWE-863 · Incorrect authorization
Published: November 1, 2021
Last update: August 3, 2024

What the vulnerability does

01 Description

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.

Key dates

02 Disclosure timeline

November 1, 2021: CVE published
August 3, 2024: Record updated