⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-24499

CWE-434Unrestricted File Upload7 documents7 sources
Severity
9.8CRITICAL
EPSS
93.9%
top 0.12%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Unknown WorkreapAmentotech Workreap
Timeline
PublishedAug 9
Latest updateJun 9

Description

The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5unknown/workreap2.2.22.2.2
NVDamentotech/workreap< 2.2.2

🔴Vulnerability Details

3
GHSA
GHSA-r7ww-r6jj-2jrh: The Workreap WordPress theme before 22022-05-24
CVEList
Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution2021-08-09
VulnCheck
amentotech workreap Unrestricted Upload of File with Dangerous Type2021

💥Exploits & PoCs

2
Exploit-DB
WordPress Theme Workreap 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution2023-06-09
Nuclei
WordPress Workreap - Remote Code Execution

🕵️Threat Intelligence

1
Unit42
Network Security Trends: August-October 20212021-12-21
CVE-2021-24499 (CRITICAL CVSS 9.8) | The Workreap WordPress theme before | cvebase.io