CVE-2021-24491: 
WordPress vulnerability analysis and mitigation

The Fileviewer WordPress plugin through version 2.2 contains a Cross-Site Request Forgery (CSRF) vulnerability. The vulnerability was discovered and publicly disclosed on August 17, 2021, and was assigned CVE-2021-24491. The vulnerability affects all versions of the Fileviewer WordPress plugin up to and including version 2.2 (WPScan).

The vulnerability stems from the absence of CSRF protection mechanisms in the plugin when performing file operations such as upload and delete functions. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. It is classified as CWE-352 (Cross-Site Request Forgery) (NVD).

The vulnerability allows attackers to execute unauthorized file operations by tricking authenticated administrators into performing unintended actions. Specifically, attackers can force administrators to delete existing files or upload arbitrary files to the server through CSRF attacks (WPScan).

As of the latest reports, there is no known fix available for this vulnerability. The recommended mitigation is to either uninstall the plugin or implement additional security controls to restrict access to the plugin's functionality (WPScan).