Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2021-24981

๐Ÿ—“๏ธย 21 Dec 2021ย 08:45:40Reported byย WPScanTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 56ย Views๐ŸŒ WEB

The Directorist WordPress plugin before 7.0.6.2 is vulnerable to Cross-Site Request Forgery leading to arbitrary PHP shell uploads

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2021-24981
21 Dec 202112:22
โ€“circl
CNNVD		WordPress ๆ’ไปถไปฃ็ ้—ฎ้ข˜ๆผๆดž
21 Dec 202100:00
โ€“cnnvd
CNVD		WordPress Directorist plugin cross-site request forgery vulnerability
26 Dec 202100:00
โ€“cnvd
Cvelist		CVE-2021-24981 Directorist โ€“ Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload
21 Dec 202108:45
โ€“cvelist
EUVD		EUVD-2021-11893
7 Oct 202500:30
โ€“euvd
NVD		CVE-2021-24981
21 Dec 202109:15
โ€“nvd
Patchstack		WordPress Directorist plugin <= 7.0.6.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Remote File Upload
18 Nov 202100:00
โ€“patchstack
Prion		Cross site request forgery (csrf)
21 Dec 202109:15
โ€“prion
RedhatCVE		CVE-2021-24981
22 May 202518:25
โ€“redhatcve
VulnCheck KEV		VulnCheck KEV: CVE-2021-24981
16 Nov 202100:00
โ€“vulncheck_kev
Rows per page
NVD
Vulners
Node
wpwaxdirectoristRange<7.0.6.2wordpress
[
  {
    "product": "Directorist โ€“ Business Directory Plugin",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "7.0.6.2",
        "status": "affected",
        "version": "7.0.6.2",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
actionrequest bodywp-admin/admin-ajax.phpCSRF to remote file upload enabling arbitrary PHP shell upload via plugin endpointCWE-352,ย CWE-434
download_item[download_link]request bodywp-admin/admin-ajax.phpCSRF to remote file upload enabling arbitrary PHP shell upload via plugin endpointCWE-352,ย CWE-434
download_item[skip_licencing]request bodywp-admin/admin-ajax.phpCSRF to remote file upload enabling arbitrary PHP shell upload via plugin endpointCWE-352,ย CWE-434
download_item[permalink]request bodywp-admin/admin-ajax.phpCSRF to remote file upload enabling arbitrary PHP shell upload via plugin endpointCWE-352,ย CWE-434
typerequest bodywp-admin/admin-ajax.phpCSRF to remote file upload enabling arbitrary PHP shell upload via plugin endpointCWE-352,ย CWE-434

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 05:54Current
7.6High risk
Vulners AI Score7.6
CVSS 25.1
CVSS 3.17.5
EPSS0.00244
CWE-352CWE-434
directorist wordpress plugincve-2021-24981cross-site request forgeryremote file uploadnvd
56