Critical severity9.8NVD Advisory· Published Apr 12, 2021· Updated Jun 17, 2026
CVE-2021-24222
CVE-2021-24222
Description
The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and submit files for their profile picture as well as resume, without any file extension restriction, leading to RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=6.3+ 1 more
- (no CPE)range: <=6.3
- (no CPE)range: <=6.3
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/4d715de6-8595-4da9-808a-04a28e409900nvdExploitThird Party Advisory
- github.com/jinhuang1102/CVE-ID-Reports/blob/145fc4e34c9b9799275c8e19d6b02f544c88126b/WP_Curriculo_Free.mdnvdThird Party Advisory
News mentions
0No linked articles in our index yet.