High severity7.2NVD Advisory· Published May 6, 2021· Updated Jun 17, 2026
CVE-2021-24252
CVE-2021-24252
Description
The Event Banner WordPress plugin through 1.3 does not verify the uploaded image file, allowing admin accounts to upload arbitrary files, such as .exe, .php, or others executable, leading to RCE. Due to the lack of CSRF check, the issue can also be used via such vector to achieve the same result, or via a LFI as authorisation checks are missing (but would require WP to be loaded)
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Event Bannerdescription
- Range: <=1.3
Patches
Vulnerability mechanics
References
2- wpscan.com/vulnerability/91e81c6d-f24d-4f87-bc13-746715af8f7cnvdExploitThird Party Advisory
- github.com/jinhuang1102/CVE-ID-Reports/blob/master/Event%20Banner.mdnvdBroken Link
News mentions
0No linked articles in our index yet.