Arbitrary File Read Vulnerability in RVM WordPress Plugin

Arbitrary File Read Vulnerability in RVM WordPress Plugin

CVE-2021-24947 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server

Learn more about our Wordpress Pen Testing.