Vulnerability Details CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.845
EPSS Ranking 99.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html
- https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/
- https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601
- https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php
- https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362
- http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html
- https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/
- https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601
- https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php
- https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362
Products affected by CVE-2021-42362
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:-
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.3.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.3.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4.4
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4.5
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.4.6
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.5.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:1.5.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.0.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.0.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.0.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.0.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.1.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.1.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.1.4
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.1.5
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.1.6
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.1.7
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.2.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.2.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.4
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.5
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.6
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:2.3.7
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.0.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.0.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.0.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.0.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.1.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.1.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.2.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.2.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.2.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.2.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.2.4
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.3.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.3.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.3.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.3.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:3.3.4
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.10
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.11
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.12
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.13
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.3
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.5
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.6
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.8
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.0.9
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.1.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.1.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.1.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.2.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.2.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:4.2.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.0.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.0.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.0.2
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.1.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.3.0
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.3.1
-
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:5.3.2