CVE-2021-24549
The CVE concerns the WordPress plugin AceIDE (versions up to 2.6.2). The root cause is failure to sanitize/validate user input appended to system paths, enabling a path-traversal attack. Affected functionality includes actions such as reading server files via admin privileges. Exploitation requir...