{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T22:17:43.316","vulnerabilities":[{"cve":{"id":"CVE-2021-24284","sourceIdentifier":"contact@wpscan.com","published":"2021-05-14T12:15:08.387","lastModified":"2024-11-21T05:52:45.527","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP."},{"lang":"es","value":"El plugin de WordPress Kaswara Modern VC Addons versiones hasta 3.0.1, permite la carga de archivos arbitrarios no autenticados mediante la acción AJAX \"uploadFontIcon\". El archivo zip proporcionado está siendo descomprimido en el directorio wp-content/uploads/kaswara/fonts_icon sin comprobación de archivos maliciosos como PHP"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"contact@wpscan.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kaswara_project:kaswara:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"3.0.1","matchCriteriaId":"8B9EF5A0-624E-4C09-8DB5-8DD87CFF3FFA"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477","source":"contact@wpscan.com","tags":["Product","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5","source":"contact@wpscan.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Third Party Advisory"]},{"url":"https://wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}