CVE-2021-24947

MEDIUM NUCLEI

RVM WordPress <6.4.2 - Info Disclosure

Title source: llm

Description

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server

Nuclei Templates (1)

WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read

MEDIUMby cckuailong

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/c6bb12b1-6961-40bd-9110-edfa9ee41a18

Scores

CVSS v3 6.5

EPSS 0.1022

EPSS Percentile 93.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-434 CWE-352 CWE-863

Status published

Products (1)

thinkupthemes/responsive_vector_maps < 6.4.2

Published Feb 07, 2022

Tracked Since Feb 18, 2026