High severity7.2NVD Advisory· Published Sep 20, 2021· Updated Jun 17, 2026
CVE-2021-24663
CVE-2021-24663
Description
The Simple Schools Staff Directory WordPress plugin through 1.1 does not validate uploaded logo pictures to ensure that are indeed images, allowing high privilege users such as admin to upload arbitrary file like PHP, leading to RCE
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Simple Schools Staff Directory plugindescription
- Range: <=1.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/8b5b5b57-50c5-4cd8-9171-168c3e9df46anvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.