CVE-2021-24212

Confirmed PUBLISHED

WooCommerce Help Scout < 2.9.1 - Unauthenticated Arbitrary File Upload leading to RCE

Unknown · WooCommerce Help Scout

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
67
Unique Attacker IPs
23
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.8 Critical EPSS 7.9%

At a Glance

The WooCommerce Help Scout WordPress plugin before 2.9.1 (https://woocommerce.com/products/woocommerce-help-scout/) allows unauthenticated users to upload any files to the site which by default will end up in wp-content/uploads/hstmp.

nuclei_scanner wordpress
CVE Published
Apr 05, 2021
Exploitation Reported
Nov 30, 2025
CVSS
9.8 Critical
EPSS
7.9%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
Unknown
WooCommerce Help Scout

2.9.1 to < 2.9.1

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.