High severity8.8NVD Advisory· Published Sep 13, 2021· Updated Jun 17, 2026
CVE-2021-24491
CVE-2021-24491
Description
The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator delete and upload arbitrary files via a CSRF attack
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Fileviewerdescription
- Range: <=2.2
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/ddd37827-f4c1-4806-8846-d06d9fbf23ddnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.