High severity7.2NVD Advisory· Published May 6, 2021· Updated Jun 17, 2026
CVE-2021-24254
CVE-2021-24254
Description
The College publisher Import WordPress plugin through 0.1 does not check for the uploaded CSV file to import, allowing high privilege users to upload arbitrary files, such as PHP, leading to RCE. Due to the lack of CSRF check, the issue could also be exploited via a CSRF attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=0.1
Patches
Vulnerability mechanics
References
2- github.com/jinhuang1102/CVE-ID-Reports/blob/master/College%20Puglisher%20Import.mdnvdExploitThird Party Advisory
- wpscan.com/vulnerability/bb3e56dd-ae2e-45c2-a6c9-a59ae5fc1dc4nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.