CVE-2021-24171

9.8 CRITICAL

📋 TL;DR

This vulnerability in the WooCommerce Upload Files WordPress plugin allows attackers to bypass file extension filtering and upload malicious PHP files. It affects WordPress sites using vulnerable versions of the plugin, potentially leading to remote code execution. Attackers can also perform path traversal to upload files to unintended locations.

💻 Affected Systems

Products:
  • WooCommerce Upload Files WordPress plugin
Versions: All versions before 59.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires plugin to be installed and active on WordPress with WooCommerce.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and website defacement.

🟠 Likely Case

Malicious file upload resulting in backdoor installation, data exfiltration, or site takeover.

🟢 If Mitigated

Limited impact with proper file upload restrictions and web application firewalls in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to upload files but is technically simple once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 59.4

Vendor Advisory: https://wpscan.com/vulnerability/ed4288a1-f7e4-455f-b765-5ac343f87194

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WooCommerce Upload Files.
4. Click 'Update Now' if available.
5. Alternatively, download version 59.4+ from the WordPress repository and replace the plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin

Platform: all

Temporarily deactivate the WooCommerce Upload Files plugin until patched.

wp plugin deactivate woocommerce-upload-files

Restrict file uploads via .htaccess

Platform: linux

Block PHP file execution in upload directories.

# Place this in an .htaccess file inside the upload directory (e.g. wp-content/uploads).
# Note: the pattern only matches names that end in .php; it does not catch
# double-extension names such as file.php.jpg or variants such as .phtml.
<FilesMatch "\.php$">
    # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
    Order Allow,Deny
    Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Disable the WooCommerce Upload Files plugin immediately.
  • Implement web application firewall rules to block malicious upload patterns.

🔍 How to Verify

Check if Vulnerable:

Check plugin version in WordPress admin under Plugins > Installed Plugins.

Check Version:

wp plugin get woocommerce-upload-files --field=version

Verify Fix Applied:

Confirm plugin version is 59.4 or higher after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with double extensions like 'file.php.jpg'
  • Upload attempts to non-standard directories via path traversal

Network Indicators:

  • HTTP POST requests to upload endpoints with manipulated wcuf_file_name or wcuf_current_upload_session_id parameters

SIEM Query:

source="web_logs" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path LIKE "%/wcuf/%") AND (param_name="wcuf_file_name" AND param_value LIKE "%.php%")
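The log and network indicators above, turned into a small scanner, as an added example that is not part of the advisory or the plugin: it reads constructed request-log lines and flags POSTs to admin-ajax.php whose wcuf_file_name carries a PHP extension in front of another extension (the 'file.php.jpg' pattern) or whose wcuf_file_name / wcuf_current_upload_session_id contains a path separator or '..'. The log line format and the extension list wider than bare '.php' are assumptions.

```python
from __future__ import annotations
import re
from urllib.parse import parse_qs

# Assumed (hypothetical) log format: '<METHOD> <PATH> body="<url-encoded form body>"'.
LINE_RE = re.compile(r'^(?P<method>[A-Z]+) (?P<path>\S+) body="(?P<body>[^"]*)"$')
# Broader than the bare ".php" in the card (assumption): also matches phtml/phar/php5,
# and matches anywhere a further extension follows, so "shell.php.jpg" is caught.
PHP_EXT_RE = re.compile(r"\.(?:php\d?|phtml|phar)(?=\.|$)", re.IGNORECASE)
# A filename or session id should never contain a path separator or a ".." segment.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|[\\/]")
WATCHED_PARAMS = ("wcuf_file_name", "wcuf_current_upload_session_id")


def check_line(line: str) -> list[str]:
    """Return the reasons a single log line looks like abuse of the upload endpoint."""
    m = LINE_RE.match(line)
    if not m or m.group("method") != "POST" or "admin-ajax.php" not in m.group("path"):
        return []
    # parse_qs URL-decodes values, so "..%2F" is seen as "../" by the checks below.
    params = parse_qs(m.group("body"), keep_blank_values=True)
    reasons = []
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            if name == "wcuf_file_name" and PHP_EXT_RE.search(value):
                reasons.append(f"php extension in {name}: {value!r}")
            if TRAVERSAL_RE.search(value):
                reasons.append(f"path separator or traversal in {name}: {value!r}")
    return reasons


def scan(lines) -> list[tuple[int, list[str]]]:
    """Return (line_number, reasons) for every suspicious line in an iterable of log lines."""
    return [(i, r) for i, line in enumerate(lines, 1) if (r := check_line(line))]


# Constructed sample lines (not from a real incident); the first is a benign upload.
SAMPLE_LOG = [
    'POST /wp-admin/admin-ajax.php body="wcuf_file_name=invoice.pdf&wcuf_current_upload_session_id=sess42"',
    'POST /wp-admin/admin-ajax.php body="wcuf_file_name=shell.php.jpg&wcuf_current_upload_session_id=sess42"',
    'POST /wp-admin/admin-ajax.php body="wcuf_file_name=photo.jpg&wcuf_current_upload_session_id=..%2F..%2Fsess42"',
    'GET /wp-content/uploads/2021/03/photo.jpg body=""',
]

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno}: " + "; ".join(reasons))
```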
