WordPress Download Manager <= 3.1.24 Authenticated Arbitrary File Upload
CVE-2021-34639

7.5HIGH

Key Information:

Vendor: Wordpress
Status: WordPress Download Manager
Vendor: CVE Published:; 5 August 2021

Summary

Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions.

Affected Version(s)

WordPress Download Manager 3.1.24

References

https://www.wordfence.com/blog/2021/07/wordpress-download...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 5, 2021
Vulnerability Reserved
Jun 10, 2021

Credit

Ramuel Gall, Wordfence