CVSS v3: 9.8

CVE-2021-24499

Published: 09/08/2021 Updated: 12/06/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In the Workreap WordPress theme prior to 2.2.2, the AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate in any other way that the request came from a valid user. The endpoints allowed arbitrary files to be uploaded to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, so an unauthenticated visitor could upload executable code such as PHP scripts. Note that a nonce on its own is a CSRF defence, not authorization: a handler like this also needs a capability check on the caller and validation of the uploaded file's type before it is written under the web root.
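WordPress dispatches theme AJAX actions through wp-admin/admin-ajax.php, and an action hooked on wp_ajax_nopriv_ is reachable without a session, which is why the two handlers above are exploitable by anyone. The following is an added detection example, not code from the page, the advisory, or the Workreap theme: it parses web-server access logs in combined format and flags (a) calls to admin-ajax.php naming either vulnerable action in the query string and (b) any request that fetches a PHP-like file from the uploads/workreap-temp directory, then correlates both by client IP. The log lines are constructed for the example, and the executable-extension list is an assumption to adjust for the server's PHP handler configuration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Aug/2021:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=workreap_temp_file_uploader HTTP/1.1" 200 143 "-" "python-requests/2.25.1"
203.0.113.7 - - [09/Aug/2021:10:01:03 +0000] "GET /wp-content/uploads/workreap-temp/shell.php?cmd=id HTTP/1.1" 200 512 "-" "python-requests/2.25.1"
198.51.100.4 - - [09/Aug/2021:10:05:10 +0000] "GET /wp-content/uploads/2021/08/logo.png HTTP/1.1" 200 8831 "-" "Mozilla/5.0"
198.51.100.9 - - [09/Aug/2021:10:07:44 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 98 "https://example.test/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# The two AJAX actions named in the advisory.
VULN_ACTIONS = {"workreap_award_temp_file_uploader", "workreap_temp_file_uploader"}
# Directory the advisory says the handlers write into.
TEMP_DIR = "/wp-content/uploads/workreap-temp/"
# Extensions a typical PHP stack executes; an assumption, extend per server config.
EXEC_EXT = (".php", ".php5", ".php7", ".phtml", ".phar")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["query"] = parse_qs(parts.query)
    return entry


def classify(entry):
    """Return the rule names one parsed entry trips (possibly none)."""
    tags = []
    path, query = entry["path"], entry["query"]
    if path.endswith("/wp-admin/admin-ajax.php"):
        # Only visible when the client puts action= in the query string;
        # an action sent in the POST body never reaches the access log.
        if VULN_ACTIONS & set(query.get("action", [])):
            tags.append("workreap_upload_action")
    if path.startswith(TEMP_DIR) and path.lower().endswith(EXEC_EXT):
        # The theme's temp directory should never serve code; any such request
        # is suspicious, and a 200 means the dropped file actually executed.
        tags.append("php_served_from_workreap_temp")
    return tags


def detect(log_text):
    """Map client IP -> sorted list of rules it tripped across all lines."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for tag in classify(entry):
            hits[entry["ip"]].add(tag)
    return {ip: sorted(tags) for ip, tags in hits.items()}


def likely_compromised(findings):
    """IPs that both hit the upload action and then fetched code from the temp dir."""
    return sorted(ip for ip, tags in findings.items() if len(tags) == 2)


if __name__ == "__main__":
    findings = detect(SAMPLE_LOG)
    for ip, tags in findings.items():
        print(ip, tags)
    print("upload-then-execute chain from:", likely_compromised(findings))
```

The fourth sample line shows the blind spot: a POST whose action parameter travels in the body produces a log entry indistinguishable from normal admin-ajax.php traffic, so on a suspected compromise the temp-directory rule and a filesystem sweep of uploads/workreap-temp for PHP content should be treated as the primary signals, not the action-name match.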

Vulnerable Products

amentotech workreap

Exploits

WordPress theme Workreap version 2.2.2 suffers from a remote shell upload vulnerability ...

Github Repositories

Exploit-for-WordPress-Theme-Workreap-222: Python exploit, unauthenticated upload leading to remote code execution (CVE-2021-24499). The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for upload

CVE-2021-24499: Mass exploitation of CVE-2021-24499, unauthenticated upload leading to remote code execution in the Workreap theme. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workre