Sayenthemes Kaswara Modern Vc Addons vulnerabilities
2 known vulnerabilities affecting sayenthemes/kaswara_modern_vc_addons.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2021-24284P1CRITICALCVSS 9.8ExploitedPoC≥ 3.0.1, ≤ 3.0.12021-05-14
CVE-2021-24284 [CRITICAL] CWE-434 CVE-2021-24284: The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file up
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
nvd
CVE-2021-4448P1CRITICALCVSS 9.8ExploitedPoC≤ 3.0.12024-10-16
CVE-2021-4448 [CRITICAL] CWE-862 CVE-2021-4448: The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions
The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, delet
nvd