WordPress File Upload < 4.16.3 - Contributor+ Path Traversal to RCE
CVE-2021-24962

8.8HIGH

Key Information:

Vendor: Wordpress
Status: WordPress File Upload; WordPress File Upload Pro
Vendor: CVE Published:; 28 March 2022

Summary

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to upload a PHP code disguised as an image inside the auto-loaded directory of the plugin, resulting in arbitrary code execution.

Affected Version(s)

WordPress File Upload 4.16.3

WordPress File Upload Pro 4.16.3

References

https://plugins.trac.wordpress.org/changeset/2677722

x_refsource_CONFIRM

https://wpscan.com/vulnerability/7a95b3f2-285e-40e3-aead-...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2022
Vulnerability Reserved
Jan 14, 2021

Credit

apple502j