Arbitrary File Upload Vulnerability in Smart Product Review Plugin for WordPress
CVE-2021-4455

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WordPress Plugin Smart Product Review
Vendor: CVE Published:; 19 April 2025

What is CVE-2021-4455?

The Smart Product Review Plugin for WordPress allows unauthenticated users to upload arbitrary files due to a lack of proper file type validation. This vulnerability affects all versions up to and including 1.0.4. Attackers can exploit this weakness to upload malicious files, potentially leading to remote code execution on the server and compromising the affected site. It is crucial for users of the plugin to update to the latest version and implement security measures to mitigate the risks associated with this vulnerability.

Affected Version(s)

Wordpress Plugin Smart Product Review * <= 1.0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.exploit-db.com/exploits/50533

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2025
Vulnerability Reserved
Apr 18, 2025

Credit

Keyvan Hardani