2 matches found
CVE-2021-24224
The EFBPverifyuploadfile AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing low privilege users to upload arbitrary files, leading to RCE...
CVE-2021-24224
Vulnerability summary (CVE-2021-24224) : The Easy Form Builder WordPress plugin (≤ 1.0) allows authenticated users to upload arbitrary files through the EFBP_verify_upload_file AJAX action. The upload verification lacks security checks, enabling low-privilege users to upload arbitrary files and p...