CVE-2021-42362 : The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file upl

The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.

Published 2021-11-17 18:15:08

Updated 2024-09-16 19:16:00

Source Wordfence

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2021-42362

Wordpress Popular Posts Project » Wordpress Popular Posts » For Wordpress
Versions up to, including, (<=) 5.3.2
cpe:2.3:a:wordpress_popular_posts_project:wordpress_popular_posts:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-42362

EPSS FAQ

84.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-42362

Wordpress Popular Posts Authenticated RCE

Disclosure Date: 2021-06-11

First seen: 2022-12-23

exploit/multi/http/wp_popular_posts_rce

This exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to a HEAD request for the payload, prior to gettin

More information

CVSS scores for CVE-2021-42362

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	Wordfence
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-42362

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

Assigned by: security@wordfence.com (Primary)

References for CVE-2021-42362

https://www.wordfence.com/vulnerability-advisories/#CVE-2021-42362

Vulnerability Advisories - Wordfence
Third Party Advisory
http://packetstormsecurity.com/files/165376/WordPress-Popular-Posts-5.3.2-Remote-Code-Execution.html

WordPress Popular Posts 5.3.2 Remote Code Execution ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://blog.nintechnet.com/improper-input-validation-fixed-in-wordpress-popular-posts-plugin/

Improper input validation fixed in WordPress Popular Posts plugin. – NinTechNet
Exploit;Third Party Advisory
https://plugins.trac.wordpress.org/changeset/2542638/wordpress-popular-posts/trunk/src/Image.php

Changeset 2542638 for wordpress-popular-posts/trunk/src/Image.php – WordPress Plugin Repository
Patch;Third Party Advisory
https://github.com/cabrerahector/wordpress-popular-posts/commit/d9b274cf6812eb446e4103cb18f69897ec6fe601

Image: verifies that URLs are images · cabrerahector/wordpress-popular-posts@d9b274c · GitHub
https://wpscan.com/vulnerability/bd4f157c-a3d7-4535-a587-0102ba4e3009

Attention Required! | Cloudflare
Third Party Advisory

Jump to