CVE-2021-24223

Published: Apr 12, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be hard to guess as it's generated with md5(uniqid(rand())), however, in the case of misconfigured servers with Directory listing enabled, accessing it is trivial.

Affected (1)

Products: N5 Upload Form Project: N5 Upload Form

N5 Upload Form Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
N5 Upload Form Project N5 Upload Form	Up to 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db

Source: contact@wpscan.com

ExploitThird Party Advisory

https://github.com/jinhuang1102/CVE-ID-Reports/blob/12863f80ced5361e2e2c3f7209566ab3730aa37b/N5_upload.md

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://wpscan.com/vulnerability/d7a72183-0cd1-45de-b98b-2e295b27e5db

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.