Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 4:25 a.m.10 views

CVE-2021-4330

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...

8.8CVSS8AI score0.01514EPSS
Exploits0References1
NVD
NVD
added 2023/03/07 2:15 p.m.16 views

CVE-2021-4330

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...

8.8CVSS9.1AI score0.01514EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/07 1:51 p.m.27 views

CVE-2021-4330 Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...

8.8CVSS9.3AI score0.01514EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/03/07 1:51 p.m.8 views

CVE-2021-4330 Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload

The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for...

8.8CVSS7.9AI score0.01514EPSS
Exploits0References2
CVE
CVE
added 2023/03/07 1:51 p.m.52 views

CVE-2021-4330

CVE-2021-4330 affects WordPress plugins “Template Kit – Import” (up to 1.0.13) and “Envato Elements & Download” (up to 2.0.10). The root cause is insufficient validation of file types during Zip extraction in the installFreeTemplateKit and uploadTemplateKitZipFileFile functions, enabling attacker...

8.8CVSS9AI score0.01514EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder