WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE
CVE-2021-24212

9.8CRITICAL

Key Information:

Vendor: Wordpress
Status: WooCommerce Help Scout
Vendor: CVE Published:; 5 April 2021

Summary

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.

Affected Version(s)

WooCommerce Help Scout 2.9.1

References

https://wpscan.com/vulnerability/cf9305e8-f5bc-45c3-82db-...

x_refsource_CONFIRM

http://dzv365zjfbd8v.cloudfront.net/changelogs/woocommerc...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 5, 2021
Vulnerability Reserved
Jan 14, 2021

Credit

Ville Korhonen / Seravo