CVE-2021-24224
HIGH
Easy-form-builder-by-bitware < 1.0 - Unrestricted File Upload
The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://wpscan.com/vulnerability/ed0c054b-54bf-4df8-9015-c76704c93484
Exploit, Third Party Advisory x_refsource_misc
https://github.com/jinhuang1102/CVE-ID-Reports/blob/e4c33529b20fa70e3a764ff9b1125839fb9900b5/Easy%20Form%20Builder.md
Scores
CVSS v3
8.8
EPSS
0.0207
EPSS Percentile
84.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
easy-form-builder-by-bitware_project/easy-form-builder-by-bitware
< 1.0
Published
Apr 12, 2021
Tracked Since
Feb 18, 2026