CVE-2021-24947

CVE-2021-24947: RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read

Vendor: Unknown
Product: RVM – Responsive Vector Maps
Weakness: CWE-863 · Incorrect authorization
Published: February 7, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The RVM WordPress plugin before 6.4.2 lacks proper authorisation and CSRF checks in the rvm_import_regions AJAX action and does not validate the rvm_upload_regions_file_path parameter, allowing any authenticated user, such as a subscriber, to read arbitrary files on the web server.

Key dates

02 Disclosure timeline

February 7, 2022: CVE published
August 3, 2024: Record updated