CVE-2021-24981 – Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload

https://notcve.org/view.php?id=CVE-2021-24981

16 Nov 2021 — The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. El plugin Directorist de WordPress versiones anteriores a 7.0.6.2, era vulnerable a un ataque de tipo Cross-Site Request Forgery a la Carga Remota de Archivos, conllevando a cargas arbitrarias del shell de PHP en el directorio wp-content/plugins • https://blog.sucuri.net/2021/11/fake-ransomware-infection-spooks-website-owners.html • CWE-352: Cross-Site Request Forgery (CSRF) CWE-434: Unrestricted Upload of File with Dangerous Type •