Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitHarald EilertsenWPEX-ID:10528CB2-12A1-43F7-9B7D-D75D18FDF5BB
HistoryApr 02, 2021 - 12:00 a.m.

Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE

2021-04-0200:00:00
Harald Eilertsen
131
JSON

The plugin allows a remote attacker to upload arbitrary files using its manual update functionality, leading to an unauthenticated remote code execution vulnerability. Note (WPScanTeam): - The issue has been escalated to Envato on March 30th, 2021 and the plugin has been removed from the marketplace. - The issue seems to be exploited since a few months by malicious actors, as some reviews/comments suggest (https://codecanyon.net/item/business-hours-pro-wordpress-plugin/reviews/9414879)

The PoC will be displayed once the issue has been remediated

Related

wpvulndb 1
patchstack 1
cve 1
prion 1
wpvulndb
wpvulndb
Business Hours Pro <= 5.5.0 - Unauthenticated Arbitrary File Upload to RCE
2021-04-02 00:00:00
patchstack
patchstack
WordPress Business Hours Pro plugin <= 5.5.0 - Unauthenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)
2021-04-02 00:00:00
cve
cve
CVE-2021-24240
2021-04-22 21:15:00
prion
prion
Remote code execution
2021-04-22 21:15:00
JSON
Related for WPEX-ID:10528CB2-12A1-43F7-9B7D-D75D18FDF5BB
wpvulndb1patchstack1cve1prion1