CVE

CVE-2021-24223

admin

CVE-2021-24223

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as itโ€™s generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.

Source: CVE-2021-24223

Exit mobile version