CVE-2021-42362
high-risk
Published 2021-11-17
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
Do I need to act?
!
77.5% chance of exploitation in next 30 days
EPSS score — higher than 22% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Wordpress Popular Posts
Affected Vendors
References (12)
Third Party Advisory
https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362
Third Party Advisory
https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009
Third Party Advisory
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362
55
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
20/34 · Moderate
Exposure
5/34 · Minimal