WordPress Kaswara Modern VC Addons 漏洞列表

共找到 1 个与 WordPress Kaswara Modern VC Addons 相关的漏洞

📅 加载漏洞趋势中...

CVE-2021-24284: WordPress Kaswara Modern VC Addons <=3.0.1 - Arbitrary File Upload POC

日期: 2025-08-01 | 影响软件: WordPress Kaswara Modern VC Addons

WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.