The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/85c0a564-2e56-413d-bc3a-1039343207e4 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-06-21T19:18:23
Updated: 2021-06-21T19:18:23
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24377
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-06-21T20:15:09.117
Modified: 2021-09-20T17:10:55.433
Link: CVE-2021-24377
JSON object: View
Redhat Information
No data.
CWE