History: Feb 07, 2022 - 3:47 p.m.

CVE-2021-24947 RVM - Responsive Vector Maps < 6.4.2 - Subscriber+ Arbitrary File Read

2022-02-07 15:47:14
CWE-863
WPScan
www.cve.org
rvm plugin
arbitrary file read
wordpress

EPSS: 0.002
Percentile: 57.8%

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as a subscriber, to read arbitrary files on the web server.

CNA Affected

[
  {
    "product": "RVM – Responsive Vector Maps",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "6.4.2",
        "status": "affected",
        "version": "6.4.2",
        "versionType": "custom"
      }
    ]
  }
]
