Exploit for WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload (CVE-2021-24284)

Description:

The WordPress Kaswara Modern VC Addons plugin through version 3.0.1 is vulnerable to arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zip file is extracted into the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

Nuclei Template

View the template: CVE-2021-24284.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24284.yaml
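
As an added defensive example (not part of this exploit repository), the following Python script flags access-log requests that hit the uploadFontIcon AJAX action described above and lists PHP files present under the wp-content/uploads/kaswara/fonts_icon upload directory. The log lines are constructed samples, and the log format is assumed to be the default Apache/nginx combined format.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit, parse_qs

# Assumption: default Apache/nginx combined access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Endpoint, unauthenticated AJAX action and extraction directory named in the advisory.
AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"
SUSPECT_ACTION = "uploadFontIcon"
UPLOAD_DIR = Path("wp-content/uploads/kaswara/fonts_icon")
# Extensions that common PHP handler configurations will execute.
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Apr/2021:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=uploadFontIcon HTTP/1.1" 200 512',
    '198.51.100.7 - - [25/Apr/2021:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12',
    '198.51.100.8 - - [25/Apr/2021:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 4096',
]


def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspect_request(entry):
    """True when the request targets admin-ajax.php with action=uploadFontIcon in the query string."""
    if entry is None or not urlsplit(entry["path"]).path.endswith(AJAX_ENDPOINT):
        return False
    actions = parse_qs(urlsplit(entry["path"]).query).get("action", [])
    return SUSPECT_ACTION in actions


def find_suspect_requests(lines):
    """Parse every line and keep the entries that hit the vulnerable action."""
    return [e for e in map(parse_line, lines) if is_suspect_request(e)]


def find_php_in_uploads(root=UPLOAD_DIR):
    """Any PHP-like file under fonts_icon is a red flag: the plugin only expects font assets there."""
    root = Path(root)
    if not root.is_dir():
        return []
    return sorted(str(p.relative_to(root)) for p in root.rglob("*")
                  if p.is_file() and p.suffix.lower() in PHP_SUFFIXES)


if __name__ == "__main__":
    for e in find_suspect_requests(SAMPLE_LOG):
        print(f"suspect upload: {e['ip']} {e['ts']} {e['method']} {e['path']} {e['status']}")
    for f in find_php_in_uploads():
        print(f"PHP file in upload dir: {f}")
```

When the action parameter is sent in the POST body rather than the query string, the default access log does not record it, so body-level logging (a WAF or web-server audit log) is needed to catch that variant; the directory scan catches the result either way.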

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-24284
https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5
https://github.com/advisories/GHSA-wqvg-8q49-hjc7
https://www.waltermairena.net/en/2021/04/25/0-day-vulnerability-in-the-plugin-kaswara-modern-vc-addons-plugin-what-can-i-do/
https://lifeinhex.com/kaswara-exploit-or-how-much-wordfence-cares-about-user-security/
https://www.wordfence.com/blog/2021/04/psa-remove-kaswara-modern-wpbakery-page-builder-addons-plugin-immediately/