cnvd - cnvd-2021-36531

cnvd-2021-36531

Vulnerability from cnvd

Title: WordPress plugin代码问题漏洞

Description:

WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress 插件是WordPress开源的一个应用插件。

Kaswara Modern VC Addons WordPress plugin 3.0.1版本及之前版本存在代码问题漏洞，该漏洞允许未经验证的任意文件通过uploadFontIconAJAX动作上传。在wp-content中解压缩的zipfile上载kaswara fonts icon目录，未能检查PHP等恶意文件。目前没有详细漏洞细节提供。

Severity: 高

Patch Name: WordPress plugin代码问题漏洞的补丁

Patch Description:

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-24284

Impacted products

Name
WordPress Kaswara Modern VC Addons WordPress plugin <=3.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-24284",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-24284"
    }
  },
  "description": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nKaswara Modern VC Addons WordPress plugin 3.0.1\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u9a8c\u8bc1\u7684\u4efb\u610f\u6587\u4ef6\u901a\u8fc7uploadFontIconAJAX\u52a8\u4f5c\u4e0a\u4f20\u3002\u5728wp-content\u4e2d\u89e3\u538b\u7f29\u7684zipfile\u4e0a\u8f7dkaswara fonts icon\u76ee\u5f55\uff0c\u672a\u80fd\u68c0\u67e5PHP\u7b49\u6076\u610f\u6587\u4ef6\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-36531",
  "openTime": "2021-05-22",
  "patchDescription": "WordPress\u662fWordpress\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002WordPress \u63d2\u4ef6\u662fWordPress\u5f00\u6e90\u7684\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\r\n\r\nKaswara Modern VC Addons WordPress plugin 3.0.1\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u9a8c\u8bc1\u7684\u4efb\u610f\u6587\u4ef6\u901a\u8fc7uploadFontIconAJAX\u52a8\u4f5c\u4e0a\u4f20\u3002\u5728wp-content\u4e2d\u89e3\u538b\u7f29\u7684zipfile\u4e0a\u8f7dkaswara fonts icon\u76ee\u5f55\uff0c\u672a\u80fd\u68c0\u67e5PHP\u7b49\u6076\u610f\u6587\u4ef6\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress plugin\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Kaswara Modern VC Addons WordPress plugin \u003c=3.0.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-24284",
  "serverity": "\u9ad8",
  "submitTime": "2021-05-20",
  "title": "WordPress plugin\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2021-24284 (GCVE-0-2021-24284)

Vulnerability from cvelistv5

Published

2021-05-14 11:38

Modified

2024-08-03 19:28

Severity ?

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Summary

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

References

▼	URL	Tags
	https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5	x_refsource_CONFIRM
	https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477	x_refsource_MISC
	http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SayenThemes	Kaswara Modern VC Addons	Version: 3.0.1 <

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:28:22.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kaswara Modern VC Addons",
          "vendor": "SayenThemes",
          "versions": [
            {
              "lessThanOrEqual": "3.0.1",
              "status": "affected",
              "version": "3.0.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Robin Goodfellow"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the \u0027uploadFontIcon\u0027 AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-14T15:06:23",
        "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "shortName": "WPScan"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Kaswara Modern VC Addons \u003c= 3.0.1 - Unauthenticated Arbitrary File Upload",
      "x_generator": "WPScan CVE Generator",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "contact@wpscan.com",
          "ID": "CVE-2021-24284",
          "STATE": "PUBLIC",
          "TITLE": "Kaswara Modern VC Addons \u003c= 3.0.1 - Unauthenticated Arbitrary File Upload"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Kaswara Modern VC Addons",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "3.0.1",
                            "version_value": "3.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SayenThemes"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Robin Goodfellow"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the \u0027uploadFontIcon\u0027 AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP."
            }
          ]
        },
        "generator": "WPScan CVE Generator",
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5",
              "refsource": "CONFIRM",
              "url": "https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5"
            },
            {
              "name": "https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477",
              "refsource": "MISC",
              "url": "https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477"
            },
            {
              "name": "http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
    "assignerShortName": "WPScan",
    "cveId": "CVE-2021-24284",
    "datePublished": "2021-05-14T11:38:17",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T19:28:22.818Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted