CVE-2021-24493

Name of the Vulnerable Software and Affected Versions Shopp WordPress plugin versions 1.4 and earlier

Description The issue concerns the lack of security measures in the shopp upload file AJAX action, allowing both unauthenticated and authenticated users to upload malicious files, such as PHP files, without restriction. This can lead to remote code execution (RCE) as unauthenticated users can upload arbitrary files.

Recommendations For Shopp WordPress plugin versions 1.4 and earlier, as a temporary workaround, consider disabling the shopp upload file AJAX action until a patch is available. Restrict access to file upload functionality to minimize the risk of exploitation. Avoid using the file upload feature in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.