Critical severity9.8NVD Advisory· Published May 14, 2021· Updated Jun 17, 2026
CVE-2021-24284
CVE-2021-24284
Description
The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=3.0.1
- Range: 3.0.1
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/167743/WordPress-Kaswara-Modern-WPBakery-Page-Builder-3.0.1-File-Upload.htmlnvdExploitThird Party AdvisoryVDB Entry
- wpscan.com/vulnerability/8d66e338-a88f-4610-8d12-43e8be2da8c5nvdExploitThird Party Advisory
- codecanyon.net/item/kaswara-modern-visual-composer-addons/19341477nvdProductThird Party Advisory
News mentions
0No linked articles in our index yet.