Nguyen Van Khanh - Security Researcher - Exploit Intelligence Platform

CVE-2021-24155 NOMISEC HIGH WORKING POC

Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

10 stars

CVSS 7.2

View Code

CVE-2021-24155 METASPLOIT HIGH ruby WORKING POC

Backup-guard Backup Guard < 1.6.0 - Unrestricted File Upload

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+) to upload arbitrary files, including PHP ones, leading to RCE.

CVSS 7.2

View Code

CVE-2021-24145 METASPLOIT HIGH ruby WORKING POC

Webnus Modern Events Calendar Lite < 5.16.5 - Unrestricted File Upload

Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using the 'text/csv' content-type in the request.

CVSS 7.2

View Code