Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2021-42362

Disclosure Date: November 12, 2021
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • WordPress Popular Posts

Products

  • WordPress Popular Posts
Technical Analysis