Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total2

Critical1

High1

Medium0

Search Severity Year Type Sort Order

Reset

Showing 1-2 of 2 records

Threat Entry Updated 2024-10-30

CVE-2021-4448 - Kaswara Modern Vc Addons Plugin

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions such as importing data, uploading arbitrary files, deleting arbitrary files, and more.

PLUGIN Kaswara Modern Vc Addons

CVE-2021-4448

HIGH CVSS 7.3 2024-10-16

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2021-24284 - Kaswara Modern Vc Addons Plugin

The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.

PLUGIN Kaswara Modern Vc Addons

CVE-2021-24284

CRITICAL CVSS 9.8 2021-05-14

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2021-4448 - Kaswara Modern Vc Addons Plugin

CVE-2021-24284 - Kaswara Modern Vc Addons Plugin

Company Links

Contact Us