Lucene search
+L

7 matches found

Nuclei
Nuclei
added yesterday111 views

WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload

WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the...

9.8CVSS9AI score0.4214EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.9 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS7.2AI score0.4214EPSS
Exploits3References1
Circl
Circl
added 2022/07/15 1:33 p.m.29 views

CVE-2021-24284

creationtimestamp| type| source ---|---|--- 2022-07-15 13:33:55+00:00| exploited| https://t.me/itsecnews/1013 2022-07-19 20:21:54+00:00| exploited| https://t.me/truesecator/3194 2022-08-13 21:01:30+00:00| seen| https://t.me/poxek/2211 2024-01-08 14:56:27+00:00| seen| https://t.me/arpsyndicate/265...

9.8CVSS7.5AI score0.4214EPSS
In wildExploits3References7
0day.today
0day.today
added 2022/07/14 12:0 a.m.388 views

WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload Vulnerability

WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability. Description: Arbitrary File Upload/Deletion and Other Affected Plugin: Kaswara Modern WPBakery Page Builder Addons Plugin Slug: kaswara Affected Versions: = 3.0.1 CVE...

9.8CVSS0.6AI score0.4214EPSS
Exploits3
Wordfence Blog
Wordfence Blog
added 2022/07/13 5:52 p.m.26 views

PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability

The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...

7.5CVSS9.8AI score0.4214EPSS
Exploits3
OSV
OSV
added 2021/05/14 12:15 p.m.4 views

CVE-2021-24284

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...

9.8CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2021/05/14 11:38 a.m.207 views

CVE-2021-24284

The CVE-2021-24284 entry covers the Kaswara Modern VC Addons WordPress plugin (versions up to 3.0.1). It admits unauthenticated arbitrary file uploads via the uploadFontIcon AJAX action, unzipping a supplied ZIP into wp-content/uploads/kaswara/fonts_icon without filtering PHP or other malicious f...

9.8CVSS9.7AI score0.4214EPSS
In wildExploits3References3Affected Software1
Rows per page
Query Builder