CVE-2021-24370

Critical

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote…

WPScan·CWE-434·Published 2021-06-21

CVSS

9.8

EPSS

0.47

KEV

Exploits

cve.orgen

152 chars

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

NVDen

152 chars

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

El plugin Fancy Product Designer de WordPress versiones anteriores a 4.6.9, permite a atacantes no autenticados cargar archivos arbitrarios, resultando en una ejecución de código remota

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H