jinhuang1102

3 exploits, active since Apr 2021
CVE-2021-24222 CRITICAL WRITEUP
Williamluis Wp-curriculo Vitae Free < 6.3 - Unrestricted File Upload
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue on pages where [formCadastro] is embedded. The form allows unauthenticated users to register and submit files for their profile picture as well as their resume, without any file extension restriction, leading to RCE.
CVSS 9.8
CVE-2021-24223 CRITICAL WRITEUP
N5 Upload Form < 1.0 - Unrestricted File Upload
The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue on pages where a form from the plugin is embedded, as any file can be uploaded. The uploaded filename might be hard to guess as it is generated with md5(uniqid(rand())); however, on misconfigured servers with directory listing enabled, accessing it is trivial.
CVSS 9.8
CVE-2021-24224 HIGH WRITEUP
Easy-form-builder-by-bitware < 1.0 - Unrestricted File Upload
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low-privilege users to upload arbitrary files, leading to RCE.
CVSS 8.8