Beta

Report

Simple Schools Staff Directory <= 1.1 is vulnerable to Arbitrary File Upload vulnerability

Administrator
Published
2021-08-22

The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24663

CVSS

Score:7.2

Severity:High

Version: 1.1

The plugin vendor has not patched this vulnerability at the moment.