7 matches found
WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload
WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the...
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...
CVE-2021-24284
creationtimestamp| type| source ---|---|--- 2022-07-15 13:33:55+00:00| exploited| https://t.me/itsecnews/1013 2022-07-19 20:21:54+00:00| exploited| https://t.me/truesecator/3194 2022-08-13 21:01:30+00:00| seen| https://t.me/poxek/2211 2024-01-08 14:56:27+00:00| seen| https://t.me/arpsyndicate/265...
WordPress Kaswara Modern WPBakery Page Builder 3.0.1 File Upload Vulnerability
WordPress Kaswara Modern WPBakery Page Builder plugin versions 3.0.1 and below suffer from an arbitrary file upload vulnerability. Description: Arbitrary File Upload/Deletion and Other Affected Plugin: Kaswara Modern WPBakery Page Builder Addons Plugin Slug: kaswara Affected Versions: = 3.0.1 CVE...
PSA: Sudden Increase In Attacks On Modern WPBakery Page Builder Addons Vulnerability
The Wordfence Threat Intelligence team has been monitoring a sudden increase in attack attempts targeting Kaswara Modern WPBakery Page Builder Addons. This ongoing campaign is attempting to take advantage of an arbitrary file upload vulnerability, tracked as CVE-2021-24284, which has been...
CVE-2021-24284
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fontsicon directory with no checks for malicious files such as PHP...
CVE-2021-24284
The CVE-2021-24284 entry covers the Kaswara Modern VC Addons WordPress plugin (versions up to 3.0.1). It admits unauthenticated arbitrary file uploads via the uploadFontIcon AJAX action, unzipping a supplied ZIP into wp-content/uploads/kaswara/fonts_icon without filtering PHP or other malicious f...