CVE-2021-4382

Опубликовано: 07 июн. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. This makes it possible for authenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Ссылки

https://plugins.trac.wordpress.org/changeset/2542693
Release Notes
https://wpscan.com/vulnerability/92c3f26a-1a84-459a-874b-07dc83c9f42a
Third Party Advisory
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-recently-multiple-vulnerabilities-3-0-4/
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=cve
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2542693
Release Notes
https://wpscan.com/vulnerability/92c3f26a-1a84-459a-874b-07dc83c9f42a
Third Party Advisory
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-recently-multiple-vulnerabilities-3-0-4/
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/f8297149-2de3-4e49-80f9-6ea59dea6bce?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:recently_project:recently:*:*:*:*:*:wordpress:*:*

Версия до 3.0.5 (исключая)

EPSS

Процентиль: 92%

0.07775

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-xrc5-wm9f-xf92