Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2021-24453

šŸ—“ļøĀ 19 Jul 2021Ā 10:53:18Reported byĀ WPScanTypeĀ 
cve
Ā cvešŸ”—Ā web.nvd.nist.govšŸ‘Ā 80Ā ViewsšŸŒ WEB

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, leading to Remote Code Execution (RCE) of the system

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2021-24453
19 Jul 202114:32
ā€“circl
CNNVD		WordPress č·Æå¾„éåŽ†ę¼ę“ž
19 Jul 202100:00
ā€“cnnvd
Cvelist		CVE-2021-24453 Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning
19 Jul 202110:53
ā€“cvelist
EUVD		EUVD-2021-11365
7 Oct 202500:30
ā€“euvd
NVD		CVE-2021-24453
19 Jul 202111:15
ā€“nvd
OSV		CVE-2021-24453
19 Jul 202111:15
ā€“osv
Patchstack		WordPress Include Me plugin <= 1.2.1 - Path traversal and Local File Inclusion (LFI) vulnerability leading to Remote Code Execution (RCE)
21 Jun 202100:00
ā€“patchstack
Prion		Path traversal
19 Jul 202111:15
ā€“prion
RedhatCVE		CVE-2021-24453
22 May 202521:05
ā€“redhatcve
wpexploit		Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning
21 Jun 202100:00
ā€“wpexploit
Rows per page
NVD
Vulners
Node
include_me_projectinclude_meRangeā‰¤1.2.1wordpress
[
  {
    "product": "Include Me",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "1.2.1",
        "status": "affected",
        "version": "1.2.1",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
contentrequest bodywordpress/wp-json/wp/v2/posts/116Local File Inclusion via includeme shortcode in post content (LFI leading to potential RCE).CWE-22
cmdquery paramwordpress/2021/06/20/myblogpost/RCE via LFI with log poisoning using cmd parameter on published post URL.CWE-22

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:53Current
8.9High risk
Vulners AI Score8.9
CVSS 3.18.8
CVSS 29
EPSS0.07222
CWE-22
cve-2021-24453wordpresspluginpath traversallocal file inclusionrceremote code executionvulnerabilitylog poisoningsystem compromise
80