The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to protect against RCE as a race condition can be achieved in between the moment the file is extracted on the disk but not yet removed. It is a bypass of CVE-2020-24948.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2021-06-21T19:18:23
Updated: 2024-08-03T19:28:23.923Z
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24377
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-06-21T20:15:09.117
Modified: 2021-09-20T17:10:55.433
Link: CVE-2021-24377
Redhat
No data.