← back
CVE-2021-24663

Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload

EPSS 1.4%CWE-434
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
Affected products
Unknown · Simple Schools Staff Directory

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46a