3 matches found
CVE-2021-24377
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...
CVE-2021-24377
The CVE-2021-24377 entry relates to the WordPress Autoptimize plugin (versions before 2.7.8). The issue arises during the Import Settings workflow: malicious files are attempted to be removed after extraction, but a race condition between disk extraction and removal can permit a Remote Code Execu...
CVE-2021-24377 Autoptimize < 2.7.8 - Race Condition leading to RCE
The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted o...