CVE-2021-24757

CWE-863Incorrect AuthorizationCWE-284Improper Access Control3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.5%
top 36.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Stylish Price ListStylishpricelist Stylish Price List
Timeline
PublishedNov 1
Latest updateMay 24

Description

The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could allow unauthenticated users to upload images.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5unknown/stylish_price_list6.9.06.9.0

🔴Vulnerability Details

2
GHSA
GHSA-gv86-wf87-753x: The Stylish Price List WordPress plugin before 62022-05-24
CVEList
Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload2021-11-01
CVE-2021-24757 (MEDIUM CVSS 5.3) | The Stylish Price List WordPress pl | cvebase.io