The Business Hours Pro WordPress plugin through 5.5.0 allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability.
References
Link | Resource |
---|---|
https://codecanyon.net/item/business-hours-pro-wordpress-plugin/9414879 | Product Third Party Advisory |
https://wpscan.com/vulnerability/10528cb2-12a1-43f7-9b7d-d75d18fdf5bb | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-04-22T21:00:51
Updated: 2021-04-22T21:00:51
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24240
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-22T21:15:09.863
Modified: 2021-04-29T20:50:26.837
Link: CVE-2021-24240
JSON object: View
Redhat Information
No data.
CWE