Kaswara Project - Kaswara CVE

Filtered by vendor Kaswara Project Subscribe

Filtered by product Kaswara

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-24284	1 Kaswara Project	1 Kaswara	2022-07-14	7.5 HIGH	9.8 CRITICAL
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

Vulnerabilities (CVE)