CVE-2021-24254

7.2 HIGH

📋 TL;DR

The College Publisher Import WordPress plugin through version 0.1 allows authenticated administrators to upload arbitrary files including PHP scripts, leading to remote code execution. The vulnerability can also be exploited via CSRF attacks due to lack of CSRF protection. This affects WordPress sites using the vulnerable plugin version.

💻 Affected Systems

Products:
  • College Publisher Import WordPress Plugin
Versions: All versions through 0.1
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator-level access to exploit directly; because the upload form lacks CSRF protection, an attacker without administrator credentials can instead trick a logged-in administrator into submitting the malicious upload.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise allowing attackers to execute arbitrary code, install backdoors, steal data, or pivot to other systems.

🟠 Likely Case

Website defacement, malware installation, data theft, or use as part of a botnet.

🟢 If Mitigated

Limited impact with proper file upload restrictions and CSRF protections in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires administrator credentials or successful CSRF attack against an administrator.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None available

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Remove the College Publisher Import plugin completely.
2. Verify no malicious files were uploaded during exploitation.
3. Consider using alternative import plugins with proper security controls.

🔧 Temporary Workarounds

Disable plugin (linux)

Deactivate and completely remove the vulnerable plugin from WordPress (wp plugin delete removes the files but does not deactivate the plugin first):

wp plugin deactivate college-publisher-import
wp plugin delete college-publisher-import

Restrict file uploads (all)

Configure the web server to block PHP file execution in upload directories. Apache .htaccess example for wp-content/uploads/; on Apache 2.4 without mod_access_compat, use "Require all denied" in place of "Deny from all":

<FilesMatch "\.php$">
    Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Implement strict file upload validation in web application firewall
  • Enable CSRF protection globally and monitor for suspicious administrator activity

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel for College Publisher Import plugin version 0.1 or earlier

Check Version:

wp plugin list --name=college-publisher-import --field=version

Verify Fix Applied:

Confirm plugin is removed from wp-content/plugins directory and not listed in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • PHP file uploads to plugin directories
  • CSV import requests with unusual file extensions
  • Administrator account performing unexpected file uploads

Network Indicators:

  • POST requests to /wp-admin/admin.php?page=college-publisher-import with file uploads
  • Unexpected PHP file execution from upload directories

SIEM Query:

source="web_logs" AND (uri="/wp-admin/admin.php?page=college-publisher-import" OR file_extension="php") AND action="upload"
