WordPress Modern WPBakery Page Builder Addons premium plugin <= 3.0.1 - Arbitrary File Upload/Deletion vulnerabilities

kaswara

Software
Modern WPBakery Page Builder Addons
Versions
<= 3.0.1
Disclosure date
2021-04-21
CVE
CVE-2021-24284
Classification
Arbitrary File Upload
OWASP Top 10
A1: Injection
CVSS 3.0 score

10

Critical

Are your websites subject to this vulnerability?

Details

Arbitrary File Upload/Deletion vulnerabilities discovered by Robin Goodfellow in WordPress Modern WPBakery Page Builder Addons premium plugin (versions <= 3.0.1).

Solution

Plugin removed from Envato repository. Deactivate and delete.

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.